Security through obscurity Kerckhoffs's principle

-


it moderately common companies, , standards bodies in case of css encryption on dvds, keep inner workings of system secret. argue security obscurity makes product safer , less vulnerable attack. counter argument keeping innards secret may improve security in short term, in long run systems have been published , analyzed should trusted.


steve bellovin commented:



the subject of security through obscurity comes frequently. think lot of debate happens because people misunderstand issue.


it helps, think, go kerckhoffs s second principle, translated system must not require secrecy , can stolen enemy without causing trouble, per http://petitcolas.net/fabien/kerckhoffs/. kerckhoffs said neither publish nor keep secret ; rather, said system should still secure if enemy has copy.


in other words – design system assuming opponents know in detail. (a former official @ nsa s national computer security center told me standard assumption there serial number 1 of new device delivered kremlin.) after that, though, there s nothing wrong trying keep secret – s hurdle factor enemy has overcome. (one obstacle british ran when attacking german enigma system simple: didn t know unkeyed mapping between keyboard keys , input rotor array.) – don t rely on secrecy.









Comments

Post a Comment

Popular posts from this blog

CACHEbox ApplianSys

-
cachebox230 server appliance cachebox s caching engine employs code squid project. in 2005 launched becta approved protex content filtering service in collaboration east of england broadband network, represent more 2800 schools across 10 authorities. in 2006, acquired assets , customer base of rival freedom2. has since expanded activity north american schools market , caching device requested schools 2015 e-rate funding.
Read more

Kinship systems Apache

-
hide painting depicting apache girl s puberty ceremony, naiche (chiricahua apache), ca. 1900, oklahoma history center the chiricahua language has 4 different words grandparent: -chú maternal grandmother , -tsúyé maternal grandfather , -chʼiné paternal grandmother , -nálé paternal grandfather . additionally, grandparent s siblings identified same word; thus, 1 s maternal grandmother, 1 s maternal grandmother s sisters, , 1 s maternal grandmother s brothers called -chú. furthermore, grandparent terms reciprocal, is, grandparent use same term refer grandchild in relationship. example, person s maternal grandmother called -chú , maternal grandmother call person -chú (i.e. -chú can mean child of either own daughter or sibling s daughter.) chiricahua cousins not distinguished siblings through kinship terms. thus, same word refer either sibling or cousin (there not separate terms parallel-cousin , cross-cousin). additionally, terms used according sex of speaker (unlike english terms broth...
Read more

Western Apache Apache

-
a western apache woman san carlos group western apache include northern tonto, southern tonto, cibecue, white mountain , san carlos groups. while these subgroups spoke same language , had kinship ties, western apaches considered separate each other, according goodwin. other writers have used term refer non-navajo apachean peoples living west of rio grande (thus failing distinguish chiricahua other apacheans). goodwin s formulation: apache peoples have lived within present boundaries of state of arizona during historic times exception of chiricahua, warm springs, , allied apache, , small band of apaches known apache mansos, lived in vicinity of tucson. cibecue western apache group, according goodwin, north of salt river between tonto , white mountain apache, consisting of ceder creek, carrizo, , cibecue (proper) bands. san carlos. western apache group ranged closest tucson according goodwin. group consisted of apache peaks, arivaipa, pinal, san carlos (proper) bands. arivaipa (also ara...
Read more