[1831] in linux-security and linux-alert archive
[linux-security] Re: "Flavors of Security Through Obscurity"
daemon@ATHENA.MIT.EDU (Aleph One)
Sun Jun 7 04:31:35 1998
Date: Tue, 2 Jun 1998 09:51:46 -0500 (CDT)
From: Aleph One <aleph1@nationwide.net>
To: linux-security@redhat.com
In-Reply-To: <saemx8c0be.fsf@gweepery.stallion.oz.au>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
On 2 Jun 1998, Christopher Biggs wrote:
> I think you misspelt "utter rubbish".
>
> By the poster's own theory of "equivalence of algorithm and key", then
> varying the algorithm is no different from increasing the key length.
>
> I challenge the poster to memorize a 2048-bit RSA key.
>
> If the algorithm is secret, then how is anybody else to understand
> your messages? I have a machine I use to achieve the same results: a
> shredder.
This is not a fair argument. If we take for example secret key
cryptography we could well make the 'secret' key public and keep secret
the algorithm.

What it boils down to is that the distinction between data(key) and
code(algorithm) has become less clear. He does make some interesting
arguments. The problem is that it is more difficult to design a good cipher
than to select a good key (good keys depend on the algorithm anyway). But
by allowing the key to influence the algorithm you are shifting the burden
of designing a good cipher from the cryptographer to the end
user/software. It may indeed be possible to produce a strong cipher in
such a manner but it's certainly no easier task than designing a strong
regular cipher.
> --
> | Christopher Biggs email:chris@stallion.oz.au | One of the founding membata,|
> | Stallion Technologies, Queensland, Australia | Society for Creative Pluri. |
> | VoiceNet +61-7-3270-4266 Fax +61-7-3270-4245 | Linux: To connect and serve |
> | Send mail with "Subject: sendpgpkey" for my PGP public key. MIME mail OK |
Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01