Security Basics mailing list archives

Re: Concepts: Security and Obscurity

From: Pranay Kanwar <warl0ck () metaeye org>
Date: Thu, 05 Apr 2007 01:25:29 +0530

Hi Daniel,

Nice write up,but you are missing the crux of the matter obscurity is
mostly about secrecy and according to kerchoff's princliple and Mr.
Bruce Schneier. secrecy or obscurity induces brittleness in the system.
I'll replay the kerchoff's principle here from the wikipedia

"Kerckhoffs' principle applies beyond codes and ciphers to security
systems in general: every secret creates a potential failure point.
Secrecy, in other words, is a prime cause of brittleness—and therefore
something likely to make a system prone to catastrophic collapse.
Conversely, openness provides ductility."

http://en.wikipedia.org/wiki/Kerchoffs_law

Regards

warl0ck // MSG
http://www.metaeye.org

Current thread:

Concepts: Security and Obscurity Daniel Miessler (Apr 04)
- Re: Concepts: Security and Obscurity Pranay Kanwar (Apr 04)
  - Re: Concepts: Security and Obscurity Daniel Miessler (Apr 09)
    - Re: Concepts: Security and Obscurity ericfurman (Apr 10)
    - RE: Concepts: Security and Obscurity David Gillett (Apr 11)
- RE: Concepts: Security and Obscurity security (Apr 05)
- <Possible follow-ups>
- Re: Concepts: Security and Obscurity work (Apr 04)
  - Re: Concepts: Security and Obscurity Daniel Miessler (Apr 05)
    - RE: Concepts: Security and Obscurity Mark Sutton (Apr 09)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 05)
  - RE: Concepts: Security and Obscurity Mandelcorn, Seymour (Apr 09)
- RE: Concepts: Security and Obscurity Daniel Miessler (Apr 05)

(Thread continues...)