Security Basics mailing list archives
Re: Concepts: Security and Obscurity
From: ericfurman () fastmail net
Date: Tue, 10 Apr 2007 11:24:27 -0400
On Wed, 4 Apr 2007 23:27:47 -0400, "Daniel Miessler" <daniel () dmiessler com> said:
> On Apr 4, 2007, at 3:55 PM, Pranay Kanwar wrote:
> > "Kerckhoffs' principle applies beyond codes and ciphers to security systems in general: every secret creates a potential failure point. Secrecy, in other words, is a prime cause of brittleness—and therefore something likely to make a system prone to catastrophic collapse. Conversely, openness provides ductility."
> Thanks for commenting, Pranay. I would argue, however, that this applies to situations where the security of the system RESTS on secrecy, not when the security of the system is independent of any secrecy as a layer. I just don't see any practical, real-world downside to systems such as SPA or Portknocking when they sit in front of daemons that have already been significantly secured.
So, I am going to add a piece of software to protect my other pieces of software from attack? If you can prove that this new piece of software does not provide some new avenue of attack, I might tend to agree. Until then....