funsec mailing list archives

Re: Facebook Image Privacy


From: Dan Kaminsky <dan () doxpara com>
Date: Mon, 18 Jan 2010 23:12:17 +0100

Used to think the same, actually.  But if you look at what obscurity
is always used to refer to, it's "this ordered system has *so much
structure* nobody could ever figure it all out".  That's a very
different argumentory path than "there is nothing to figure out, they
simply mathematically have to know this secret or brute force".

You have chosen "I elect to play by attempting a definition for which
there can be no agreement."

I am saying operating systems are not like passwords.  I don't think
this is exactly controversial.

Your question: What's the difference between secret and obscure? Could
you quantify this, say, with a particular number of bits of entropy?

I can quantify this with the rate of change of complexity of a system.
If you add one kilobyte of complexity to Windows (consuming literally
8192 bits extra space on the DVD), you have not done much to the
difficulty of breaking Windows.  If you add one kilobyte of complexity
to an RSA key (literally, adding another 4096 bits to p and q
respectively), you most assuredly have done much to the difficulty
of breaking this particular RSA key.

I will grant that we could use better words than "obscure" and
"secret" to represent the difference. But I consider "obscure"
fundamentally different than "utterly unknown".  An obscure band is
not a secret band.  An obscure illness is not a secret illness.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.