From: "Ian Farquhar" <ianf@wiley.sydney.sgi.com>
Date: Tue, 20 Sep 94 17:38:19 PDT
To: cypherpunks@toad.com
Subject: Re: [CyberCash Media hype]
In-Reply-To: <199409192135.AA14970@access1.digex.net>
Message-ID: <9409211035.ZM14893@wiley.sydney.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sep 19,  5:35pm, Black Unicorn wrote:
> > The TLA's understand this concept well, which is one of the reasons they
> > classify almost everything they do.  One non-obvious fact is that in the
> > environment most governments use crypto (eg. widely distributed sites with
> > key distribution channels which are more easily compromised than the
> > crypto hardware), that the design of the cipher may be easier to keep
> > secret than the key itself.  As such, the use of security by obscurity
> > in the design of the cipher itself is a lot more effective than most
> > people would give it credit for.

> While this may seem to be a joke comment, it is not.

Remember that what is being secured here is almost certainly a stronger
cipher than any of us have access to (representatives of TLA's excepted :),
and so the public scrutiny issue does not arise.

I agree with Black Unicorn's phrase: security by obscurity alone is no
security.  If we need a buzzphrase - which itself is questionable - then
that's about a close as we'll get.

							Ian.