List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: Andrew Ross <aross@...>
Subject: Security without obscurity (was: [gentoo-security] firewall suggestions?)
Date: Sun, 01 Feb 2004 10:36:31 +1100
Stewart Honsberger wrote:

> I don't send anything back to any unexpected port probes because I don't 
> want to.
> 
> Sure, to some extent it is security through obscurity, but the old 
> adage isn't entirely correct. If not for security through obscurity 
> we'd all have our PIN numbers sharpie'd on our ATM cards.

Actually, keeping my PIN secret isn't security through obscurity.

The idea of security without obscurity focuses on keeping the number of 
secrets at an absolute minimum. Systems designed around security through 
obscurity tend to rely on the secrecy of certain procedures or 
algorithms - once these are discovered by third parties, the security of 
the system has been reduced.

Moving back to the PIN/ATM example:

Ideally, your PIN should be the ONLY secret involved - the encryption 
algorithms and communication protocols could all be public. In the real 
world, this isn't feasible (e.g. ATMs do not authenticate themselves to 
the card holder. If the algorithms and protocols were public, someone 
could theoretically construct a trojan ATM and collect people's PINs and 
bank cards).

Cheers

Andrew

P.S. It's a PIN, not a Personal Identification Number (PIN) Number :-) 
Sorry, but it's one of my pet hates (just like Automatic Teller Machine 
(ATM) machines).

Updated Jun 17, 2009
