Great Circle Associates Firewalls
(November 1995)

Subject: Re: Secret key versus obscurity
From: carson @ lehman . com
Date: Wed, 22 Nov 1995 12:07:54 -0500
To: Dermot Tynan <dtynan @ fws . ilo . dec . com>
Cc: mjr @ iwi . com, firewalls @ GreatCircle . COM
In-reply-to: <9511221042 . AA16631 @ karpov . fws . ilo . dec . com>
References: <199511220330 . WAA04548 @ switchblade . iwi . com> <9511221042 . AA16631 @ karpov . fws . ilo . dec . com>
Reply-to: carson @ lehman . com

>>>>> "Dermot" == Dermot Tynan <dtynan @ fws . ilo . dec . com> writes:

Dermot> Marcus J. Ranum wrote:
>>  SecurID and many HHAs rely on "secret key" techniques for security. In
>> other words, there is some kind of hidden shared secret which is used to
>> encrypt/authenticate. That is not anywhere even remotely at all like
>> being in the ballpark of "security through obscurity" unless you call
>> having a secret encryption key "obscurity" in which case virtually all
>> security is via obscurity and nothing more.

Dermot> I'm not saying it's in the same league as hiding the phone number of
Dermot> the dial-in line, but it is STO.  OK, it's a wide field.  The
Dermot> discussion was whether or not STO is a Bad Thing.  As you're aware,
Dermot> hiding the number of the dial-in line is a bad idea, asking for a
Dermot> pseudo-HHA authentication is a bad idea, etc, but the various other
Dermot> components such as HHAs do use obscurity.  It's just a lot better
Dermot> than the two cases above.  How do you define the difference?  Do you
Dermot> draw a line in the sand and say any scheme like this is STO, but the
Dermot> others aren't?  What, in your mind, is the delineation?  I'm asking
Dermot> that as a serious question, not a rhetorical one.  At first glance,
Dermot> the difference is that it is easy enough to crack the first two
Dermot> examples, and nigh on impossible to crack the HHA.  Rick mentioned
Dermot> the fact that one is easy to change, and the other isn't.  In his
Dermot> example, a password can be changed readily, as can an HHA.  Fair
Dermot> enough.

I'd delineate the differences mostly as follows:

Security Through Obscurity: You hope the hacker won't figure it out, but you
know that an exhaustive search is possible in a reasonable amount of time.

Secrets: You hope that the hacker doesn't social-engineer it out of someone
(rubber-hose cryptanalysis is hard to prevent), but you know (at least
until tomorrow's CPU release) that the Sun will burn out before a
brute-force attack succeeds.

Of course, this is a constantly moving line. DES used to be secure. Now,
with MicroUnity's CPU announcements, it looks like it's history before too
long.

--
Carson Gaspar -- carson @ cs . columbia . edu, carson @ lehman . com
http://www.cs.columbia.edu/~carson/home.html
<This is the boring business .sig - no outre sayings here>
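Carson's delineation above ("obscurity" if an exhaustive search finishes in a reasonable time, a "secret" if it does not, with the line moving as CPUs get faster) is easy to make concrete. The following is an added illustration, not code from the thread or from any of its participants: it sizes the keyspace of the two kinds of example discussed (a seven-digit dial-in number, a 56-bit DES key), estimates exhaustive-search time at an assumed guess rate, classifies the result against an assumed time budget, and counts how many doublings of attacker speed it takes before a "secret" crosses the line into "obscurity". The guess rates, time budgets and keyspace sizes are constructed assumptions for illustration, not measurements.

```python
"""Where does "security through obscurity" end and a "secret" begin?

Constructed example for the firewalls-list thread; not the author's code.
Guess rates and time budgets are assumptions chosen for illustration.
"""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600  # 31,557,600 s

# Constructed keyspaces for the kinds of example the thread discusses.
EXAMPLE_KEYSPACES = {
    "7-digit dial-in phone number": 10 ** 7,
    "56-bit DES key": 2 ** 56,
    "128-bit key": 2 ** 128,
}


def keyspace_bits(keyspace):
    """Entropy in bits of a secret drawn uniformly from `keyspace` values."""
    return math.log2(keyspace)


def exhaustive_search_seconds(keyspace, guesses_per_second):
    """Worst-case time to try every value at the given (assumed) rate."""
    return keyspace / guesses_per_second


def classify(keyspace, guesses_per_second, budget_seconds):
    """Carson's line: exhaustible within the attacker's budget -> obscurity,
    otherwise -> secret."""
    if exhaustive_search_seconds(keyspace, guesses_per_second) <= budget_seconds:
        return "obscurity"
    return "secret"


def doublings_until_obscurity(keyspace, guesses_per_second, budget_seconds,
                              max_doublings=256):
    """How many doublings of attacker speed move a 'secret' across the line.

    Returns 0 if it is already obscurity, or None if it stays a secret even
    after `max_doublings` doublings (the 'Sun burns out first' case).
    """
    rate = guesses_per_second
    for doublings in range(max_doublings + 1):
        if classify(keyspace, rate, budget_seconds) == "obscurity":
            return doublings
        rate *= 2
    return None


def report(guesses_per_second=1e6, budget_years=1.0):
    """Tabulate each constructed example at one assumed rate and budget."""
    budget = budget_years * SECONDS_PER_YEAR
    rows = []
    for name, size in EXAMPLE_KEYSPACES.items():
        years = exhaustive_search_seconds(size, guesses_per_second) / SECONDS_PER_YEAR
        rows.append((name, keyspace_bits(size), years,
                     classify(size, guesses_per_second, budget),
                     doublings_until_obscurity(size, guesses_per_second, budget)))
    return rows


if __name__ == "__main__":
    for name, bits, years, verdict, doublings in report():
        print(f"{name:30s} {bits:6.1f} bits  {years:12.3g} years  "
              f"{verdict:9s}  doublings to cross line: {doublings}")
```

Run as a script it prints one row per example. The interesting column is the last one: at an assumed million guesses per second and a one-year budget, the DES row is still a "secret" but only a dozen doublings of attacker speed away from "obscurity", which is the moving line the message describes; the 128-bit row returns None, meaning no realistic number of doublings reaches the budget.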

