From: smb@research.att.com
To: Sergey Goldgaber <sergey@delbruck.pharm.sunysb.edu>
Message Hash: 971af1b06899fa3100644a4b879807b6a1c259c3bdca8db8f3f0ae1c5e473a16
Message ID: <9403040100.AA21896@toad.com>
Reply To: N/A
UTC Datetime: 1994-03-04 01:00:14 UTC
Raw Date: Thu, 3 Mar 94 17:00:14 PST
From: smb@research.att.com
Date: Thu, 3 Mar 94 17:00:14 PST
To: Sergey Goldgaber <sergey@delbruck.pharm.sunysb.edu>
Subject: Re: Standard for Stenography?
Message-ID: <9403040100.AA21896@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
I welcome any and all of Bill Stewart's comments on this
issue. I have, since the beginning, noticed a distinct
dislike of "security-through-obscurity" among the senior
members of this and other similar lists/newsgroups. Many
people preach this dislike. Most don't seem to understand its
foundations fully; neverthelless, they consider it a closed
issue and usually don't bother to explain why.
Obscurity is certainly a help. Attacking an unknown system is very
much harder than attacking a known one. And everyone in the business
knows that.
However -- in the real world, as opposed to an academic exercise,
you cannot keep an algorithm secret forever. Partners will betray
you, spies will steal copies, enemies will capture them. Do you
trust everyone on cypherpunks? Should you? If your algorithm is not
strong enough to withstand an attack by an enemy who has captured
it, you're in trouble. And although you can replace the algorithm,
it's a lot harder than changing keys -- good cryptoalgorithms take
a *lot* of work, and the details often matter a lot. Besides, your
old traffic will then be readable.
Security through obscurity is more than a buzzword. It's a necessity
in this business.
--Steve Bellovin
Return to March 1994
Return to “smb@research.att.com”
1994-03-04 (Thu, 3 Mar 94 17:00:14 PST) - Re: Standard for Stenography? - smb@research.att.com