Fiber cut in SF area
Stephen Sprunk
stephen at sprunk.org
Mon Apr 13 14:18:04 UTC 2009
Mike Lewinski wrote:
> Joe Greco wrote:
>> Which brings me to a new point: if we accept that "security by
>> obscurity is not security," then, what (practical thing) IS security?
>
> Obscurity as a principle works just fine provided the given token is
> obscure enough. Ideally there are layers of "security by obscurity" so
> compromise of any one token isn't enough by itself: my strong ssh
> password (1 layer of obscurity) is protected by the ssh server key
> (2nd layer) that is only accessible via vpn which has it's own
> encryption key (3rd layer). The loss of my password alone doesn't get
> anyone anything. The compromise of either the VPN or server ssh key
> (without already having direct access to those systems) doesn't get
> them my password either.
>
> I think the problem is that the notion of "security by obscurity isn't
> security" was originally meant to convey to software vendors "don't
> rely on closed source to hide your bugs" and has since been mistakenly
> applied beyond that narrow context. In most of our applications, some
> form of obscurity is all we really have.
The accepted standard is that a system is secure iff you can disclose
_all_ of the details of how the system works to an attacker _except_ the
private key and they still cannot get in -- and that is true of most
open-standard or open-source encryption/security products due to
extensive peer review and iterative improvements. What "security by
obscurity" refers to are systems so weak that their workings cannot be
exposed because then the keys will not be needed, which is true of most
closed-source systems. It does _not_ refer to keeping your private keys
secret.
Key management is considered to be an entirely different problem. If
you do not keep your private keys secure, no security system will be
able to help you.
S
--
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20090413/11f873e1/attachment.bin>
More information about the NANOG
mailing list