From: Black Unicorn <unicorn@access.digex.net>
To: ianf@wiley.sydney.sgi.com (Ian Farquhar)
Message Hash: 3e29b9cd544421fa6894482a26c638378be2a13e0d5b70f5983ec933ded4e6d0
Message ID: <199409192135.AA14970@access1.digex.net>
Reply To: <9409191413.ZM8723@wiley.sydney.sgi.com>
UTC Datetime: 1994-09-19 21:36:47 UTC
Raw Date: Mon, 19 Sep 94 14:36:47 PDT
From: Black Unicorn <unicorn@access.digex.net>
Date: Mon, 19 Sep 94 14:36:47 PDT
To: ianf@wiley.sydney.sgi.com (Ian Farquhar)
Subject: Re: [CyberCash Media hype]
In-Reply-To: <9409191413.ZM8723@wiley.sydney.sgi.com>
Message-ID: <199409192135.AA14970@access1.digex.net>
MIME-Version: 1.0
Content-Type: text/plain
Ian Farquhar scripsit
>
> On Sep 15, 3:20pm, Jamie Lawrence wrote:
> > Also, I do disagree with your statement "security through
> > obscurity is no security at all." A rather high degree of
> > security can be had through obscurity, but it is often entirely
> > unpredictable whether or not a particlar 'obscurity method'
> > will be secure or not (any 15 year old hiding cigarettes under
> > the bed can attest to that).
I prefer: "security through obscurity ALONE is no security at all."
> In addition, it is also particularly effect if what
> is being obscured is sufficiently secure already, as it just adds another
> layer of protection.
Guess I'm not the only one.
>
> The TLA's understand this concept well, which is one of the reasons they
> classify almost everything they do. One non-obvious fact is that in the
> environment most governments use crypto (eg. widely distributed sites with
> key distribution channels which are more easily compromised than the
> crypto hardware), that the design of the cipher may be easier to keep
> secret than the key itself. As such, the use of security by obscurity
> in the design of the cipher itself is a lot more effective than most
> people would give it credit for.
>
While this may seem to be a joke comment, it is not.
They also classify just about if not exactly everything because it never
will be looked at seriously by the policy makers if it's not marked at
least "secret."
The major hurtle in intelligence is often not collection or analysis, but
persuasion.
> Ian.
-uni- (Dark)
--
073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig!
Return to September 1994
Return to “Phil Karn <karn@qualcomm.com>”