From: an38793@anon.penet.fi
To: cypherpunks@toad.com
Message Hash: 94c955b808d8e02a00cfec184bf74769399a8f96d3e11c547a6e58d44de5600d
Message ID: <9310112341.AA18180@anon.penet.fi>
Reply To: N/A
UTC Datetime: 1993-10-11 23:41:41 UTC
Raw Date: Mon, 11 Oct 93 16:41:41 PDT
From: an38793@anon.penet.fi
Date: Mon, 11 Oct 93 16:41:41 PDT
To: cypherpunks@toad.com
Subject: Re: Security through obscurity
Message-ID: <9310112341.AA18180@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain
> You are not going to be able to keep your algorithm secret, period.
> Those who are determined enough will be able to dig it out of any
> programs or chips you use to implement your algorithm. Security through
> obscurity is stupid because no matter how smart you may think you are
> in hiding your method, there is always someone smarter who will dig it
> out and changing technology constantly lowers the barrier of how smart
> people need to be to dig information out of old locks using new tools.
I agree with this 100%.
The interesting fact is, a lot of commercial programs rely on security
through obscurity. Often, anyone who takes the time to disassemble
the interesting routines, can crack the encryption.
Yes it is stupid. But, a lot of people and companies rely on
"security through obscurity" to protect their applications/data.
Part of this is due to export restrictions, but a large part is just
due to lack of awareness.
One of my favorite applications has embedded in its license
agreement:
"...nor shall the Licensee attempt to decrypt
any Passwords that may enable the Software's functionality..."
This is not a substitute for real security.
-------------------------------------------------------------------------
To find out more about the anon service, send mail to help@anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin@anon.penet.fi.
Return to October 1993
Return to “an38793@anon.penet.fi”
1993-10-11 (Mon, 11 Oct 93 16:41:41 PDT) - Re: Security through obscurity - an38793@anon.penet.fi