[AusNOG] RISK - IT Industry - Concern Over Equipment, Being, Installed in Data Centre Facilities - Further Replies

Paul Wilkins paulwilkins369 at gmail.com
Wed Sep 28 16:55:16 EST 2016


Mark,
When I put up my plaque as a consulting cryptanalyst, you'll be the first
to know.

Kind regards

Paul Wilkins

On 28 September 2016 at 15:44, Mark Smith <markzzzsmith at gmail.com> wrote:

> On 28 September 2016 at 15:22, Paul Wilkins <paulwilkins369 at gmail.com> wrote:
> > Or the One Time Pad, which is perfectly secure, but ironically only so far
> > as it is obscure.
> > So should you publish your algorithm for generating a
> > pseudo One Time Pad? Very much depends on circumstances and use case.
> >
>
> Are you a cryptographer/cryptanalyst in the league of Bruce Schneier?
> Otherwise you may be falling into the trap that he has written about:
>
> "Anyone, from the most clueless amateur to the best cryptographer, can
> create an algorithm that he himself can't break. It's not even hard.
> What is hard is creating an algorithm that no one else can break, even
> after years of analysis."
>
> https://www.schneier.com/crypto-gram/archives/1998/1015.html#cipherdesign
>
> > Kind regards
> >
> > Paul Wilkins
> >
> > On 28 September 2016 at 14:20, Mark Smith <markzzzsmith at gmail.com> wrote:
> >>
> >> On 28 September 2016 at 13:35, Chad Kelly <chad at cpkws.com.au> wrote:
> >> > On 9/28/2016 12:00 PM, ausnog-request at lists.ausnog.net wrote:
> >> >>
> >> >> Or should we perhaps talk about how easy it is to commit fraud?
> >> >>
> >> >> Yes... let's give blueprints to people who are motivated by malice so that
> >> >> they can go off and do what we're suggesting puts us at risk.
> >> >
> >> >
> >> > Security through obscurity just doesn't work.
> >> >
> >>
> >> Actually it commonly does, this often repeated cliche is a distortion
> >> of Kerckhoffs's principle, which was specific to cryptographic
> >> algorithms -
> >>
> >> https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
> >>
> >> "In cryptography, Kerckhoffs's principle (also called Kerckhoffs's
> >> desideratum, Kerckhoffs's assumption, axiom, or law) was stated by
> >> Dutch cryptographer Auguste Kerckhoffs in the 19th century: A
> >> cryptosystem should be secure even if everything about the system,
> >> except the key, is public knowledge."
> >>
> >> Nature has been relying on obscurity for millennia - any animal that
> >> uses camouflage to hide itself is deploying obscurity, and many
> >> animals do. Human militaries have also successfully deployed obscurity
> >> via camouflage. Anybody using a firewall to block inbound ICMP pings
> >> is deploying obscurity.
> >>
> >> When applied more generally, the real point is that obscurity is not
> >> sufficient to be relied upon alone. If the secret is discovered or
> >> disclosed, you need some other defensive measure. For example, zebras
> >> can also run very fast and kick, and camouflage tanks have big guns
> >> and are able to escape fairly promptly over very rough terrain because
> >> of their tracks rather than having wheels.
> >>
> >> Obscurity works well when it works, but fails absolutely when it fails.
> >>
> >> > Kids are taught how to use computers and the internet at a very young age
> >> > nowadays.
> >> >
> >> > We have lawyers and signed agreements for a reason, when discussing
> >> > commercially sensitive data, that is why NDAs exist.
> >> >
> >>
> >> An NDA is actually "Security through obscurity". The secondary defence
> >> is the consequence of being sued for breaching the NDA.
> >>
> >> > As for discussing how to commit fraud and other such things, don't be
> >> > stupid.
> >> >
> >> > By all means discuss ways of preventing it though, plenty of discussions on
> >> > both preventing fraud and other security methods have taken place on the
> >> > various web hosting forums over the years.
> >> >
> >> > These were all public discussions.
> >> >
> >> > At the end of the day it all comes down to money and the team and/or
> >> > partners that you have involved with the business.
> >> >
> >> >
> >> >
> >> > --
> >> > Chad Kelly
> >> > Manager
> >> > CPK Web Services
> >> > web www.cpkws.com.au
> >> > phone 03 9013 4853
> >> >
> >> > _______________________________________________
> >> > AusNOG mailing list
> >> > AusNOG at lists.ausnog.net
> >> > http://lists.ausnog.net/mailman/listinfo/ausnog