Comment Kerckhoff and obscurity (Score 1) 265
The article pushes blatant misinformation. Kerckhoff said that a cryptosystem should be secure even if everything about the system, except the key, is known by the enemy. ("Il faut qu'il n'exige pas le secret, et qu'il puisse sans inconvénient tomber entre les mains de l'ennemi" )
Relying on obscurity for your security is poor engineering, in particular for a mass market system. Taking advantage of obscurity for "one of a kind" systems to gain an additional security advantage is fair game.
There's nothing new here, this has been done for decades and centuries. Problems arise when people think this is the golden ticket to keeping the barbarian hordes outside the castle wall.
Relying on obscurity for your security is poor engineering, in particular for a mass market system. Taking advantage of obscurity for "one of a kind" systems to gain an additional security advantage is fair game.
There's nothing new here, this has been done for decades and centuries. Problems arise when people think this is the golden ticket to keeping the barbarian hordes outside the castle wall.
