funsec mailing list archives

Re: Facebook Image Privacy


From: der Mouse <mouse () rodents-montreal org>
Date: Mon, 18 Jan 2010 23:06:05 -0500 (EST)

Your question: What's the difference between secret and obscure?

Well, I'm not the person this was addressed to.  But to me, at least,
security-through-obscurity is a fair term only when it's applied to
things which are inherently difficult to change.

For example, suppose I design a super-whizzo crypto algorithm which I
(probably incorrectly :) believe is strong, but only if you don't know
how it works.  Because I presumably can't just come up with another
algorithm at the drop of a hat if this one leaks, that's StO.  But if I
use a good algorithm (Rijndael, let's say) with a key, and the key
leaks, it is not inherently difficult to switch keys.  It won't hurt my
security for you to know everything but the easy-to-change piece, so
it's not StO.  (It may be difficult in certain cases to do a key
change, but that's because of factors peculiar to the context; it is
not _inherently_ difficult.)

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse () rodents-montreal org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

