[Info-vax] What to do with my VAX.....
Bill Gunshannon
bill.gunshannon at gmail.com
Mon Nov 16 09:46:26 EST 2020
On 11/16/20 9:32 AM, Dave Froble wrote:
> On 11/16/2020 3:38 AM, Phillip Helbig (undress to reply) wrote:
>> In article <rot4rj$onr$1 at dont-email.me>, Dave Froble
>> <davef at tsoft-inc.com> writes:
>>
>>> I'm not saying that an attacker doesn't know the algorithm, I'm saying
>>> the attacker does not know the secret key. But, however unlikely, an
>>> attacker could "guess" the secret key on his first try. It is the fact
>>> that an attacker doesn't know the secret key is the "obscurity" aspect
>>> of the security. Since an attacker could get incredibly lucky and guess
>>> the secret key on his first attempt, then it is only the difficult of
>>> that guess that is the security.
>>
>> Right. I think that folks here understand. However, the term "security
>> by obscurity" has a very specific meaning, and it is confusing to use it
>> to mean something else.
>>
>> By your definition, all forms of access restriction are "security by
>> obscurity", since those who have access have it because they have
>> something which those who don't don't, though they could, theoretically,
>> bluff their way through and get lucky.
>>
>
> I was just agreeing with Roland's statement, "ALL ENCRYPTION is security
> by obscurity".
>
You can redefine a term common to the IT world all you want, it
does not change reality.
bill
More information about the Info-vax
mailing list