>> I used to work with a security/cryptology expert. His #1 rule:
>>
>> "Never, ever use obfuscation".
>
>
> While I wouldn't categorize myself as a security expert, much less a
> cryptologist, I would disagree with this. At the very least, I'd amend it to
> "Never, ever use obfuscation as your sole method of security."
I would amend it differently:
"Never, ever use obfuscation if it adds complexity for yourself."
> There is nothing wrong with "security through obscurity", as long as you
> don't rely on it as your only protection. I would draw an analogy between
> computer security and getting shot at. When you're being shot at, there are
> two sorts of protection you might resort to. You might take cover by getting
> behind a solid object that can block fire. You might conceal yourself behind
> something that would obscure you as a target. When you're getting shot at,
> cover and concealment are both useful; concealment won't stop a bullet, but
> it'll lessen the likelihood of people shooting in your direction. Ideally,
> you want both cover and concealment, of course, if for no other reason than
> to avoid the stress of being shot at.
Unless you have cover by an object that will stop the small arms
fire from the other side, but at the same time so well concealed
your side doesn't see you and you die from 'friendly' fire when
your side bombs the opponent.
Obfuscation can hurt the obfuscator, just like a firewall can
introduce a risk to an otherwise well protected computer.
Jochem
--
I don't get it
immigrants don't work
and steal our jobs
- Loesje
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
