[AusNOG] RISK - IT Industry - Concern Over Equipment, Being, Installed in Data Centre Facilities - Further Replies
Paul Wilkins
paulwilkins369 at gmail.com
Wed Sep 28 15:22:47 EST 2016
Or the One Time Pad, which is perfectly secure, but ironically only so far
as it is obscure. So should you publish your algorithm for generating a
pseudo One Time Pad? Very much depends on circumstances and use case.
Kind regards
Paul Wilkins
On 28 September 2016 at 14:20, Mark Smith <markzzzsmith at gmail.com> wrote:
> On 28 September 2016 at 13:35, Chad Kelly <chad at cpkws.com.au> wrote:
> > On 9/28/2016 12:00 PM, ausnog-request at lists.ausnog.net wrote:
> >>
> >> Or should we perhaps talk about how easy it is to commit fraud?
> >>
> >> Yes... lets give blueprints to people who are motived by malice so that
> >> they can go off and do what we're suggesting puts us at risk.
> >
> >
> > Security through obscurity just doesn't work.
> >
>
> Actually it commonly does, this often repeated cliche is a distortion
> of Kerckhoffs's principle, which was specific to crytographic
> algorithms -
>
> https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
>
> "In cryptography, Kerckhoffs's principle (also called Kerckhoffs's
> desideratum, Kerckhoffs's assumption, axiom, or law) was stated by
> Dutch cryptographer Auguste Kerckhoffs in the 19th century: A
> cryptosystem should be secure even if everything about the system,
> except the key, is public knowledge."
>
> Nature has been relying on obscurity for millennia - any animal that
> uses camouflage to hide itself is deploying obscurity, and many
> animals do. Human militaries have also successfully deployed obscurity
> via camouflage. Anybody using a firewall to block inbound ICMP pings
> is deploying obscurity.
>
> When applied more generally, the real point is that obscurity is not
> sufficient to be relied upon on alone. If the secret is discovered or
> disclosed, you need some other defensive measure. For example, zebras
> can also run very fast and kick, and camouflage tanks have big guns
> and are able to escape fairly promptly over very rough terrain because
> of their tracks rather than having wheels.
>
> Obscurity works well when it works, but fails absolutely when it fails.
>
> > Kids are taught how to use computers and the internet at a very young age
> > now a days.
> >
> > We have lawyers and signed agreements for a reason, when discussing
> > commercially sensitive data, that is why NDAs exist.
> >
>
> An NDA is actually "Security through obscurity". The secondary defence
> is the consequence of being sued for breaching the NDA.
>
> > As for discussing how to commit fraud and other such things, don't be
> > stupid.
> >
> > By all means discuss ways of preventing it though, plenty of discussions
> on
> > both preventing fraud and other security methods have taken place on the
> > various web hosting forums over the years.
> >
> > These were all public discussions.
> >
> > At the end of the day it all comes down to money and the team and or
> > partners that you have involved with the business.
> >
> >
> >
> > --
> > Chad Kelly
> > Manager
> > CPK Web Services
> > web www.cpkws.com.au
> > phone 03 9013 4853
> >
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160928/c9e3cfb8/attachment.html>
More information about the AusNOG
mailing list