- Path: sparky!uunet!spool.mu.edu!uwm.edu!uwm.edu!usenet
- From: rick@ee.uwm.edu (Rick Miller)
- Newsgroups: sci.crypt
- Subject: Re: Keys&Encrypts Transmitted Together
- Date: 10 Jan 1993 13:41:21 GMT
- Organization: Just me.
- Lines: 29
- Distribution: usa
- Message-ID: <1ip921INNk4g@uwm.edu>
- References: <73247@cup.portal.com>
- NNTP-Posting-Host: 129.89.2.33
- Summary: Security through Obscurity
-
- In article <73247@cup.portal.com> Christopher_C_Lapp@cup.portal.com writes:
- >I wonder if anyone has thought of including the key of a
- >message with the message, in such a way that the key of the
- >message was on the surface indistinguishable from the
- >message. [...]
-
- What you've got then, is "Security through Obscurity". In reality, the
- "key" of such a (poor) crypto system is *not* the one transmitted with the
- message. Rather, the key is simply knowing *how* to decrypt the message.
-
- Generally, this method is shunned by those who know cryptography because it
- offers poor security on a broad scale. What I mean by this is that if any
- large organization were to use it, there would be lots of opportunity for
- someone "outside" to find out how it's done. It would be just as risky as
- having everyone in a large company use the very same password to access
- company records... Eventually, it'll "leak".
-
- It's fine if you're just encrypting your own files and you never tell anyone
- else about it, but it loses its appeal when you try to do anything else.
- It's just too easy to give away a method.
-
- Here's the test: Can you give the source-code to the cracker, and still be
- assured that the cracker won't be able to get in? If not, then your *program*
- is really your "key", and you've got security through obscurity.
-
- So in effect, any such system should only be used where you'd use pig-Latin.
-
- Rick Miller <rick@ee.uwm.edu> | <rick@discus.mil.wi.us> Ricxjo Muelisto
- Occupation: Husband, Father, WEPCo. WAN Mgr., Discus Sys0p, and Linux fan
-
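
The "give the source code to the cracker" test from the post above, worked as an added example that is not part of the original post. The toy SHA-256 stream cipher, the midpoint hiding place, and all function names are assumptions made for illustration; the sample message is constructed.

```python
import hashlib
import secrets

KEY_LEN = 16
MSG = b"constructed sample: meet at the usual place"

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || counter) blocks."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

# Scheme A: the key travels inside the message, hidden at a position
# that only the program "knows" (here: the midpoint of the ciphertext).
def obscure_encrypt(plaintext: bytes) -> bytes:
    key = secrets.token_bytes(KEY_LEN)
    ct = xor_stream(key, plaintext)
    mid = len(ct) // 2
    return ct[:mid] + key + ct[mid:]

def obscure_decrypt(blob: bytes) -> bytes:
    mid = (len(blob) - KEY_LEN) // 2
    key = blob[mid:mid + KEY_LEN]
    return xor_stream(key, blob[:mid] + blob[mid + KEY_LEN:])

# Scheme B: same cipher, but the key is a separate secret; only a
# random nonce travels with the message.
def keyed_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(KEY_LEN)
    return nonce + xor_stream(key + nonce, plaintext)

def keyed_decrypt(key: bytes, blob: bytes) -> bytes:
    return xor_stream(key + blob[:KEY_LEN], blob[KEY_LEN:])

def source_code_test() -> tuple[bool, bool]:
    """Reader holds this source and the transmitted blob, but no key."""
    a_read = obscure_decrypt(obscure_encrypt(MSG)) == MSG
    real_key = secrets.token_bytes(KEY_LEN)
    guess = bytes(KEY_LEN)  # any value that is not the real key
    b_read = keyed_decrypt(guess, keyed_encrypt(real_key, MSG)) == MSG
    return a_read, b_read

if __name__ == "__main__":
    print(source_code_test())  # (True, False)
```

Scheme A is readable by anyone holding the program, so the program is the key; Scheme B stays closed with the same source published, though as a toy it has no integrity protection and is not meant for real use.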