Forgot your password?
typodupeerror

Comment: Kerckhoff and obscurity (Score 1) 265

by tmdybvik (#37582428) Attached to: Security By Obscurity — a New Theory
The article pushes blatant misinformation. Kerckhoff said that a cryptosystem should be secure even if everything about the system, except the key, is known by the enemy. ("Il faut qu'il n'exige pas le secret, et qu'il puisse sans inconvénient tomber entre les mains de l'ennemi" )
Relying on obscurity for your security is poor engineering, in particular for a mass market system. Taking advantage of obscurity for "one of a kind" systems to gain an additional security advantage is fair game.
There's nothing new here, this has been done for decades and centuries. Problems arise when people think this is the golden ticket to keeping the barbarian hordes outside the castle wall.
Google

+ - A Google blunder: the sad story of Urchin->

Submitted by Anenome
Anenome (666) writes "Google has a track record of buying startups and integrating them into its portfoilo. But sometimes those acquisitions go terribly wrong, as Ars Technica argues has been the case with Google's 2005 purchase of web-analytics firm Urchin Software Corp. 'In the wake of Google's purchase of the company, inquiring customers (including Ars Technica) were told that support and updates would continue. Companies that had purchased support contracts were expecting version 6 any day, including Ars. What really happened is this: Google focused its attention on Google Analytics, put all updates to Urchin's other products on the back burner, and rolled out a skeleton support team. Everyone who forked over for upgrades via a support contract never got them, even though things weren't supposed to have changed. The support experience has been awful. Since the acquisition, we have had two major issues with Urchin, and neither issue was solved by Google's support team. In fact, with one issue, we were helped up until the point it got difficult, and then the help vanished. The support team literally just stopped responding.'"
Link to Original Source

"I have not the slightest confidence in 'spiritual manifestations.'" -- Robert G. Ingersoll

Working...