[Info-vax] What to do with my VAX.....

Arne Vajhøj arne at vajhoej.dk
Thu Nov 12 08:20:35 EST 2020


On 11/12/2020 3:59 AM, Dave Froble wrote:
> On 11/11/2020 10:47 PM, Arne Vajhøj wrote:
>> On 11/11/2020 8:54 PM, Dave Froble wrote:
>>> On 11/11/2020 6:56 PM, Alexander Schreiber wrote:
>>>> seasoned_geek <roland at logikalsolutions.com> wrote:
>>>>> ALL
>>>>> ENCRYPTION is security by obscurity. Period.
>>>>
>>>> Thus proving nicely that you know _absolutely_ nothing about 
>>>> encryption.
>>>> You might want to read up on Kerckhoffs's principle for starters.
>>>
>>> Well, I wouldn't be so quick to dismiss that statement.
>>>
>>> Isn't not knowing a solution a form of obscurity?  Otherwise, if one
>>> knows the key, then there is no security, right?  So not knowing the
>>> key is sort of "security by obscurity"?
>>>
>>> There have been multiple instances in the past of codes being broken
>>> and harmful effects because of that.  The Japanese code in WWII?
>>>
>>> What is a "secret key", other than "unknown data"?  Can such a key be
>>> guessed?  Unlikely.  But possible.
>>
>> Security by obscurity has a very specific meaning.
> 
> That's kind of narrow thinking, isn't it?

It is the standard terminology.

>> It is when the security depends on the algorithm being kept secret.
>>
>> This is generally considered bad.
>>
>> And none of the standard algorithms today use it.
>>
>> You can open any text book on encryption and see the algorithms
>> for AES, RSA etc. and they are still prohibitively difficult
>> to crack.
>>
>> AES 256 bit has a 256 bit key. That is 2 power 256 possible keys.
>> That is a big number.
> 
> I agree with all that, but, the statement seems to still apply, at least 
> to me.  If one doesn't know how to access, then, it is obscure, or by 
> the statement, unknown, right?

I am not sure that I can follow you.

AES consists of two things: algorithm and key.

Algorithm is a description of a mathematical transformation of
data. It is constant across all usage. It is public.

Key is data aka a number of bytes. It is different between
usages. It is secret.

The definition of security by obscurity is that the security depends
on the algorithm to be kept secret.

AES does not rely on the algorithm being secret. In fact it is widely
known.


So AES is not security by obscurity.

Arne
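
The algorithm/key distinction drawn in this message, as an added example that is not part of the original post: a keyless "secret algorithm" next to a public algorithm with a secret key. Python's standard library has no AES, so an HMAC-SHA256 keystream stands in as the public keyed algorithm; the function names and the sample message are made up for this illustration.

```python
import hashlib
import hmac
import secrets

def obscure_encode(data: bytes) -> bytes:
    """Keyless 'secret algorithm': add 0x5A to each byte, then reverse."""
    return bytes((b + 0x5A) % 256 for b in data)[::-1]

def obscure_decode(data: bytes) -> bytes:
    """Anyone who learns the algorithm can run this on every message."""
    return bytes((b - 0x5A) % 256 for b in data[::-1])

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Public generator: HMAC-SHA256(key, nonce || counter), concatenated."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def keyed_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypts and decrypts by XOR with the keystream.
    Illustration only (no authentication); a stand-in for AES."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def demo() -> dict:
    msg = b"constructed sample message"  # constructed input
    # Scheme 1: whoever has the algorithm has the plaintext.
    leaked = obscure_decode(obscure_encode(msg))
    # Scheme 2: algorithm, nonce and ciphertext are known; the key is not.
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    ct = keyed_xor(key, nonce, msg)
    guess = keyed_xor(secrets.token_bytes(32), nonce, ct)  # 1 of 2**256 keys
    return {
        "obscure_broken": leaked == msg,
        "keyed_wrong_key_fails": guess != msg,
        "keyed_right_key_works": keyed_xor(key, nonce, ct) == msg,
        "keyspace_bits": (2 ** 256).bit_length() - 1,
    }

if __name__ == "__main__":
    print(demo())
```
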




