Marcus J. Ranum (mjr @ iwi . com) wrote:
:
: No, it does not. Let's be careful with our terminology
: here. SecurID and many HHAs rely on "secret key" techniques
: for security. In other words, there is some kind of hidden
: shared secret which is used to encrypt/authenticate. That is
: not anywhere even remotely at all like being in the ballpark
: of "security through obscurity" unless you call having a
: secret encryption key "obscurity" in which case virtually
: all security is via obscurity and nothing more.
I was always told that "security through obscurity" is relying solely
on something that, if compromised, cannot be changed easily. So a
key is not, an algorithm will usually be, a specific hardware device
design is.
I think that criterion helps a lot in telling when we have STO.
Julio
--
Julio Sanchez, SGI Soluciones Globales Internet
Tel/Fax: 91/804 14 05 WWW: http://www.esegi.es
jsanchez @ esegi . es   jsanchez @ gmv . es
PGP Key fingerprint = E5 29 93 6F 41 4E 00 E2 90 11 A1 8C 72 D0 DE 71