Re: encrypt/decrypt

• Date: Wed, 28 Aug 1996 09:47:04 PDT
• From:
  "Seth I. Rich" <sir@po.cwru.edu>
• Cc: moo-cows@parc.xerox.com, Jeff Goff <jeffgoff@synergy.net>
• Content-Type: text/plain; charset="us-ascii"

(I'm not clear who wrote this -- I haven't been reading this thread but
this paragraph screamed out at me.)

> But I maintain, it is not making the data unrecognizeable that
> is hard, it is hiding the information about HOW you made it unrecognizeable
> so that no one can just walk in, and steal the password, and have access
> to your system.

Bad bad bad.  This isn't how crypto works.  What you suggest is called
"security by obscurity" by people who are being kind.  What crypto experts
promote are open and testable algorithms -- if the encryption is crackable
it's not secure, that's the end of it.  (If a crypto company claims to have
a `proprietary' algorithm, odds are it's crap.  Especially if they say
something like: BriarCrypt is highly immune to all decryption techniques,
and we'll give you $400 and five free licenses if you crack this encrypted
message: FDSHKFYHRIA49821384YWQHDKJWA79.)

It -is- about making the data unrecognizable.  If you know that document
`foo' is PGP-encrypted, that does you no good -- you can't read it unless
you know the keys or brute-force it somehow.  That's where the strength
of the encrypting comes in -- not in hiding -how- you did it, but in
ensuring that the mechanism you used is reliable.

Seth / Blackbriar
----------------------------------------------------------------------
Seth I. Rich - sir@po.cwru.edu
                                 There is nothing more precious than
Rabbits on walls, no problem.    a tear of true repentance.

• Re: encrypt/decrypt
• From: "Robert J. Brown" <rj@eli.wariat.org>
• Re: encrypt/decrypt
• From: Gustavo Glusman <bmgustav@bioinformatics.weizmann.ac.il>

• Prev: Re: encrypt/decrypt
• Next: Re: encrypt/decrypt
• Index: MOO-cows
• Thread: MOO-cows