[Info-vax] What to do with my VAX.....

Dave Froble davef at tsoft-inc.com
Mon Nov 16 01:05:44 EST 2020 

On 11/15/2020 7:13 PM, Alexander Schreiber wrote:
> Dave Froble <davef at tsoft-inc.com> wrote:
>> On 11/11/2020 6:56 PM, Alexander Schreiber wrote:
>>> seasoned_geek <roland at logikalsolutions.com> wrote:
>>
>>>> ALL
>>>> ENCRYPTION is security by obscurity. Period.
>>>
>>> Thus proving nicely that you know _absolutely_ nothing about encryption.
>>> You imight want to read up on Kerckhoff's principle for starters.
>>
>> Well, I wouldn't be so quick to dismiss that statement.
>>
>> Isn't not knowing a solution a form of obscurity?  Otherwise, if one
>> knows the key, then there is no security, right?  So not knowing the key
>> is sort of "security by obscurity"?
>>
>> There have been multiple instances in the past of codes being broken and
>> harmful affects because of that.  The Japanese code in WWII?
>>
>> What is a "secret key", other than "unknown data"?  Can such a key be
>> guessed?  Unlikely.  But possible.
>
> Would it be too much to read up at least _some_ on encryption? One
> fundamental property of a _good_ encryption algorithm is that it stands
> up to Kerckhoffs Principle: even if the attacker knows everything about
> the design of the cryptosystem, it is still secure as long as the
> keys are not known to the attacker - which is a derivations of Shannons
> "the enemy knows the system" principle.
> Good current algorithms like AES have this property - brute force cracking
> (trying all keys) takes an entirely uselessly long amount of time and there
> are currently no know weaknesses that reduce this time to something useful
> (e.g. days or weeks). DES died because at the latest with Deep Crack a
> DES brute force key cracking machine was available that scaled linearly
> with the money thrown at it - making almost-realtime (days to hours to
> minutes) cracking of DES keys possible depending on budget.
>
> Yes, that means exchanging keys between trusted parties so that the
> attacker doesn't get to know them is it's own thorny problem, but
> there _are_ various solution to that.
>
> Relying on the attacker _not_ knowing the system means you fundamentally
> rely on your attacker being stupid and _that_ is a very bold strategy.
>
> Kind regards,
>           Alex.
>

I think you misunderstand me.

I'm not saying that an attacker doesn't know the algorithm, I'm saying 
the attacker does not know the secret key.  But, however unlikely, an 
attacker could "guess" the secret key on his first try.  It is the fact 
that an attacker doesn't know the secret key is the "obscurity" aspect 
of the security.  Since an attacker could get incredibly lucky and guess 
the secret key on his first attempt, then it is only the difficult of 
that guess that is the security.

-- 
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486

More information about the Info-vax mailing list