On Mon, 11 Sep 2006, nemo_outis wrote:

> > Trouble is people chant the "security by obscurity never works" mantra
> > so blithely, seemingly trying to look good by association with their
> > equally noisy peers.
>
> "Security by obscurity never works" is a bumper-sticker version of Auguste
> Kerckhoff's principle that, while catchy, sacrifices precision. Kerckhoff's
> principle is presented better in the Wikipedia as: a cryptosystem should be
> secure even if everything about the system, except the key, is public
> knowledge.

Yup, I agree. There are two cryptosystems in existence though.
Secret1 is protected by Key1 as part of CryptoSystem1. However Key1 is
also Secret2 and is protected by Key2 as part of CryptoSystem2. In the
case where Key1 is a car key or a password, Key2 is nothing more than
privileged knowledge, and CryptoSystem2 is security by obscurity.

You're reminding me that CryptoSystem1 ought to be strong through Key1
alone. I'm not disagreeing. I'm talking about the fact that Key1 is
Secret2 and how it is kept that way.

> Kerckhoff's principle recognizes that every secret is a potential
> point of failure, and such points of failure should therefore be
> minimized by "concentrating" all secrecy at one point, the key, which
> can then be guarded without diffusing one's resources. A case of
> accepting the violation of another principle - no single point of
> failure - but compensating by guarding the one secret (i.e., the
> potential point of failure) well.

Exactly, "guarding" being the operative word, almost always coming down
to a case of hiding something, for example a sequence of characters in
your head, or keeping a car key separate from the car.

--
Chris