#26
09-12-2006, 03:44 AM
Anonyma
Guest

Re: A Truecrypt Trick

Chris Lawrence wrote:

> > > > > The point is that the keys and passwords protect the car and the files.
> > > > > Obscurity protects the keys and the passwords.
> > > >
> > > > Obviously not. Keys and passwords aren't secure because they're
> > > > obscure, they're secure because they're made physically so.
> > >
> > > I'm not talking about security of keys and passwords, I'm talking about
> > > the security of the protection of keys and passwords. Car keys are
> > > quite intrinsically secure but you still have to hide them from
> > > strangers.

> >
> > Yes. That's physical security, not obscurity.

>
> Car keys only protect your car if they are kept out of the way of car
> thieves. Yes it's physical, but necessarily so since they are physical
> objects. The same applies to a password however - in this case it's
> hidden, or obscured, in my head.


It's not obscured in your head at all. You know exactly where it is,
and so does an attacker. Obscurity would be using your child's middle
name as a password and hoping an attacker just happened not to guess
it or see the "all A's" report card on the bulletin board next to the
computer and try it, or writing down a strong password and taping it
to the underside of a desk drawer hoping nobody would look there.

What you do when you keep passwords in your head is still physical
security. You're relying on your physical ability to keep something
secret. Banking on the notion that nobody can beat it out of you, that
you'll talk in your sleep, or that you'll let someone see over your
shoulder when you enter it.

> My knowledge becomes the key that
> keeps the original key safe. Therefore my knowledge is keeping the
> original thing safe.
>
> > There's a difference. Physical security is keeping possession of your
> > keys and not letting a car thief have them. Obscurity would be tossing
> > them on the ground somewhere near your car and hoping a thief doesn't
> > recognize that they're car keys.

>
> They're just two degrees of the same system. I might throw the keys on


They're no such thing at all. When you keep something on your person
(or in your head) you're providing physical security. When you toss
something on the ground or tape it to the bottom of your keyboard and
just pray nobody discovers it, there's no physical security at all. A
safe behind a painting has elements of both. A safe out in the open is
physical. A painting hiding a secret open shelf is pure obscurity. If
you memorize your password then hide behind a drape to avoid attackers
you may have elements of both, but most people don't bother with trying
to make themselves obscure if they're confident nobody can make them
confess their secrets. They and everyone else know exactly who has that
secret, and where they are. Where that secret might be obtained. Thus
there is no element of obscurity. None.

> the floor and hope a thief doesn't recognise them. I might leave them
> on the floor under a newspaper and hope that they're not found. I might


Obscurity.

> raise them off the floor into my pocket and hope a thief doesn't mug me
> for them.


Physical security. Completely different and easily distinguishable
things.

> They're all security by obscurity. Each degree in that


Nope.

> example has a risk attached to it - in some cases it might be acceptable
> to throw my keys on the floor, for example if I'm staying at a friend's
> house and it's his floor. That's an assessment for me to make. In many


That would be no security at all, assuming you were aware your friend
knew about your keys. At least not from your friend. If the house is
secure then you keys are physically secured from outsiders. To what
degree they're physically secure is a matter of debate, but it's still
physical security.

> cases having possession of the keys would be equal to leaving them on the
> floor - for example if I'm walking through an area where people are
> often viciously mugged for their car keys, or where car-jackings are
> rife.


Physical security. Likely to fail unless you're a formidable target,
but physical security nonetheless.

> In either case there - floor or pocket or car - the result would
> be the loss of the car, making the fancy key/ignition security
> completely irrelevant.


The fact that something might fail is completely irrelevant. There is
no perfect security of any type.

> > > Ultimately the security of your vehicle comes down to how
> > > well you hide your keys (given that the ignition can't be defeated due
> > > to its intrinsic security). In other words the ignition is safe because
> > > the key system is strong. The key is safe because you don't know how to
> > > get it.

> >
> > Actually that's not true at all. In most cases a car thief knows
> > exactly how to get your keys. They're not obscured at all, the thief
> > knows they're right there in your pocket. Or inside the house where
> > your car is parked, or at the mall where you're shopping.

>
> That proves what I'm saying. My car remains safe despite merely keeping
> the keys in my pocket.


Yes. Because the keys are physically secure in your pocket. If you hid
them on top of the back tire that would be obscurity. You're not trying
to hide the fact that you have the keys in your pocket, in fact you
probably put them there in plain view of anyone who happened to be in
the vicinity. And they likely make a bulge that most anyone can
identify. You may even jingle them from time to time out of habit. The
security of your keys depends entirely on you physically maintaining
possession of them, and not one bit on you trying to hide the fact that
you have them.

> My car is protected by a key, and the
> key/ignition mechanism is inherently secure, but ultimately my car
> remains safe because I am good at looking after a small piece of metal
> and plastic, not because it is inherently secure. The same goes for a
> strong password system - ultimately it's protected by obscurity - I know


No. It's ultimately protected by a mathematically secure sequence of
characters and your physical ability to keep them a secret. You're not
trying to hide the fact that you're the one who knows the password any
more than you're trying to hide the fact that you have car keys in your
pocket.

[...]

> Keeping it on a sticky note is just another level in the spectrum of
> "keeping the password from those who should not have it". It's no
> different to keeping it in my head in principle. It's harder to get out


Nonsense. In your head you're maintaining possession and control. On a
sticky note under your keyboard you're abdicating all that and relying
on dumb luck. Two completely different things.

> of my head than it is to get from under my keyboard, but perhaps not
> that much harder. A few minutes of torture might get it with little
> effort. In my head, under my keyboard, they're all just degrees of
> security through obscurity. And of course, they work.


Obscurity fails with an all too predictable regularity. Just ask anyone
who had their house broken into because they hid a key under the door
mat, or their account broken into because they taped their password to
the bottom of their keyboard.

> > > can't access mine because I hide it from you. Ultimately it comes down

> >
> > You haven't hidden anything from me. I know exactly where that password
> > is, and how to get it. If it were worth my time to do so I'd be able
> > to plan and execute an "attack" on you and own your password.

>
> Exactly - you know I have a password hidden from you, yet I remain safe.


Why can't you see that it's not hidden? I know exactly where it is. In
your head. Its security is and always will be your ability to keep it
from me, not my ability to guess where it is.

> As I said months ago, security through obscurity is a risk assessment.


You were as wrong then as you are now.

Security through obscurity is false security. There is none. Any
success is pure luck and any failure is predictable and expected. Real
security on the other hand can be counted on up to the point it's
designed to secure something.

> I don't think anyone is going to torture me for the password to my mail
> account so I can happily remember it. I don't think anyone is going to


Then all the physical security you need is your ability to say no. If
your password were a little more critical, you might need to employ
other additional measures like carrying a weapon or hiring a
bodyguard. IOW, you'd add additional physical security.

> gain access to my pocket so I can store my car key there. If I felt


Your pocket is physically secure enough for your purposes. Even though
it's obvious exactly where your keys are, they're secure enough. If you
held the keys to a nuclear missile silo your pocket might not be secure
enough.

> that someone WOULD torture me for a password, I would look at
> alternative methods to using a password. And if someone DID


Indeed. Smart cards that could be easily destroyed, additional personal
security, etc. You wouldn't fold the sticky note in half and put it
back under your keyboard hoping that if someone did see it there they
wouldn't open it up to look.

> > Obscurity relies on dumb luck, not the fact that you might be bigger
> > and stronger than me, better armed, or the fact that your password
> > just isn't valuable enough for me to bother with you.

>
> It relies on many variables, where dumb luck isn't something I would
> consider an informed risk assessment. I think that is what most people


That is precisely why security through obscurity is false security, but
still occasionally works. You're playing the odds. Gambling. Not
assessing your real risks and developing sound methods to mitigate them.
