From: Phil Karn <karn@qualcomm.com>
To: ianf@wiley.sydney.sgi.com
Message Hash: 3bcc454563c80d387c3d3a65f8deda8f3d3f0d0aff770187beb411f580e677b5
Message ID: <199409200305.UAA00155@servo.qualcomm.com>
Reply To: <9409191413.ZM8723@wiley.sydney.sgi.com>
UTC Datetime: 1994-09-20 03:05:16 UTC
Raw Date: Mon, 19 Sep 94 20:05:16 PDT
From: Phil Karn <karn@qualcomm.com>
Date: Mon, 19 Sep 94 20:05:16 PDT
To: ianf@wiley.sydney.sgi.com
Subject: Re: [CyberCash Media hype]
In-Reply-To: <9409191413.ZM8723@wiley.sydney.sgi.com>
Message-ID: <199409200305.UAA00155@servo.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain
Perhaps the saying "security through obscurity doesn't work" should be
amended to say "security that depends on the secrecy of anything that
cannot be easily changed doesn't work".
In most cases, cryptographic keys are far more easily changed than
cryptographic algorithms. That's why it's bad to rely on the secrecy
of an algorithm, but okay to rely on the secrecy of a key.
Phil
Return to September 1994
Return to “Phil Karn <karn@qualcomm.com>”