[Info-vax] What to do with my VAX.....

Alexander Schreiber als at usenet.thangorodrim.de
Sun Nov 15 19:13:28 EST 2020 

Dave Froble <davef at tsoft-inc.com> wrote:
> On 11/11/2020 6:56 PM, Alexander Schreiber wrote:
>> seasoned_geek <roland at logikalsolutions.com> wrote:
>
>>> ALL
>>> ENCRYPTION is security by obscurity. Period.
>>
>> Thus proving nicely that you know _absolutely_ nothing about encryption.
>> You imight want to read up on Kerckhoff's principle for starters.
>
> Well, I wouldn't be so quick to dismiss that statement.
>
> Isn't not knowing a solution a form of obscurity?  Otherwise, if one 
> knows the key, then there is no security, right?  So not knowing the key 
> is sort of "security by obscurity"?
>
> There have been multiple instances in the past of codes being broken and 
> harmful affects because of that.  The Japanese code in WWII?
>
> What is a "secret key", other than "unknown data"?  Can such a key be 
> guessed?  Unlikely.  But possible.

Would it be too much to read up at least _some_ on encryption? One
fundamental property of a _good_ encryption algorithm is that it stands
up to Kerckhoffs Principle: even if the attacker knows everything about
the design of the cryptosystem, it is still secure as long as the
keys are not known to the attacker - which is a derivations of Shannons
"the enemy knows the system" principle.
Good current algorithms like AES have this property - brute force cracking
(trying all keys) takes an entirely uselessly long amount of time and there
are currently no know weaknesses that reduce this time to something useful
(e.g. days or weeks). DES died because at the latest with Deep Crack a
DES brute force key cracking machine was available that scaled linearly
with the money thrown at it - making almost-realtime (days to hours to
minutes) cracking of DES keys possible depending on budget.

Yes, that means exchanging keys between trusted parties so that the
attacker doesn't get to know them is it's own thorny problem, but
there _are_ various solution to that.

Relying on the attacker _not_ knowing the system means you fundamentally
rely on your attacker being stupid and _that_ is a very bold strategy.

Kind regards,
          Alex.
-- 
"Opportunity is missed by most people because it is dressed in overalls and
 looks like work."                                      -- Thomas A. Edison

More information about the Info-vax mailing list