Re: [opensuse] Re: A BIG "show stopper" for openSUSE at the corporate level anyway!!



On Monday 14 July 2008 01:26:17 am John Andersen wrote:
> On Sun, Jul 13, 2008 at 9:26 PM, Rajko M. <rmatov101@xxxxxxxxxxx> wrote:
>> [1] Security through obscurity is often criticized as bad practice, but
>> actually it is the only way security can work.
>
> Simply not true. Just because you don't have all the pieces to the
> puzzle does not mean that the security is provided by obscurity.

Obscure is something hidden in the dark. While the phrase "security through
obscurity" was used mostly to criticize closed source code, where it is
impossible for anyone (good and bad) to check the applied methods, every security
in the world works by hiding in the dark (obscuring) some information, i.e.
pieces of the puzzle.

> The entire plans for the lock (or the software) can be provided
> but the key is private. It's an absurd argument to state that because
> the key is private that obscurity is providing all of the security.

How far it goes is another question: hiding only keys or passwords, or hiding
everything and providing physical access only to the part of the lock or computer that has
to be accessed. That depends on the specifics of the application. There is no need
for the plans of some highly secure application to be publicly available, which is
true for locks too. You know standard home locks, but not special ones.

>> You will not see a lock made out of glass,
>
> Glass breaks.

Sure.
Let me try again: a glass lock will provide a visual clue when part of the puzzle
is solved. By obscuring that information you make the lock safe. The same is valid for
computer security.

>> nor is your password 'open source'. Obscurity is present in any
>> security solution.
>
> Describing keys as obscurity is a stretch. It perverts the entire argument
> about closed source code vs open source.

Who was talking about closed source code vs open source? And keys are not
public, so they are obscured.

--
Regards, Rajko
http://en.opensuse.org/Portal needs helpful hands.