Decrypting the Secret to Strong Security

← Back to Stories (view on slashdot.org)

Decrypting the Secret to Strong Security

Posted by michael on Thursday January 16, 2003 @04:39AM from the common-sense dept.

farrellj writes "Cnet has an excellent article by Whitfield Diffie, who has probably has forgotten more about crypto than 99.9% of us will ever know, explains why secrecy does not equal security. The article also addresses the whole "open source vs proprietary software" security issue. A definite *must read* for anyone concerned about security...and that should be everyone!"

19 of 261 comments (clear)

Accuracy by Anonymous Coward · 2003-01-16 04:43 · Score: 2, Funny

who has probably has forgotten more about crypto than 99.9% of us will ever know

What's the margin of error on that figure?
1. Re:Accuracy by Anonymous Coward · 2003-01-16 04:48 · Score: 4, Funny
  
  It is known that 84.2% of people make up percentages on the spot... I would bet that the rest use outdated data (e.g. older than 1 second).
Easy Secure Encryption by Anonymous Coward · 2003-01-16 04:44 · Score: 4, Funny

I just double ROT-13 everything for maximum protection. It seems to work so far. -- Note this message has been encrypted with double ROT-13 any attempts to understand it will in violation of the DMCA and will be duly noted.
1. Re:Easy Secure Encryption by KDan · 2003-01-16 04:51 · Score: 5, Funny
  
  You fool! As is well known to anyone who follows Microsoft security bulletins (and who knows more about security than Microsoft) you need to use octuple-ROT-13 at least to guarantee good security!
  
  Daniel
  
  --
  Carpe Diem
2. Re:Easy Secure Encryption by haystor · 2003-01-16 05:32 · Score: 2, Funny
  
  Can anyone from a non-DMCA country crack his ROT-13 and translate? I'd love to know what this guy said.
  
  --
  t
3. Re:Easy Secure Encryption by FroMan · 2003-01-16 06:19 · Score: 3, Funny
  
  You could always rot26 it since, that would be twice as secure as rot13.
  
  OR!
  
  I always use primes... everyone in crytology knows you need to use primes. So, you have to use two primes, like rot13 it 5 times, then 3 times. How do you think its going to work without using primes?
  
  OR!
  
  Another way to secure your data is to use rot(prime). I also found that you can rot3 and then rot23 it, or even rot7 and rot19.
  
  Luckly I didn't do that to this post or else it might have been impossible to ever read.
  
  --
  Norris/Palin 2012
  Fact: We deserve leaders who can kick your ass and field dress your carcass.
He's right, you know by Chocolate+Teapot · 2003-01-16 04:46 · Score: 5, Funny

The secret to strong security: less reliance on secrets
I have a couple of rottweilers and make no secret of it. Wanna try some social engineering on them?

--
Modest doubt is called the beacon of the wise. - William Shakespeare
1. Re:He's right, you know by Anonymous Coward · 2003-01-16 05:13 · Score: 2, Funny
  
  "Social engineering" on a Rottweiler is actually very easy. You bribe the dog with a nice tasty steak (or a big doggie biscuit, or some other treat).
2. Re:He's right, you know by Chocolate+Teapot · 2003-01-16 05:41 · Score: 2, Funny
  
  Every seen how much steak it takes to bribe a Rottweiler? It's gonna cost you an arm and a leg ;)
  
  --
  Modest doubt is called the beacon of the wise. - William Shakespeare
3. Re:He's right, you know by stinky+wizzleteats · 2003-01-16 08:11 · Score: 3, Funny
  
  I have a couple of rottweilers and make no secret of it. Wanna try some social engineering on them?
  
  No problem. For my demonstration, I will require a large explosive robot dressed in a female rottweiler suit.
Secrecy DOES equal Security by MojoMonkey · 2003-01-16 04:47 · Score: 2, Funny

... unless a woman enters the loop!

--

----- "Blame the guy who doesn't speak English." -- Homer J. Simpson
1. Re:Secrecy DOES equal Security by Anonymous Coward · 2003-01-16 04:56 · Score: 3, Funny
  
  ... unless a woman enters the loop!
  
  So that must mean that most slashdotters are the most secure people on the planet.
2. Re:Secrecy DOES equal Security by MojoMonkey · 2003-01-16 04:56 · Score: 3, Funny
  
  You have never ever seen a woman, you never will
  
  Then what the hell was it that put a gold band on my ring finger??? Now I'm scared to go home, thanks alot.
  
  --
  
  ----- "Blame the guy who doesn't speak English." -- Homer J. Simpson
Re:FP! ...anyway... by Anonymous Coward · 2003-01-16 04:55 · Score: 1, Funny

secrecy != security

True, I also tend to rely on complete lack of importance and relevance == Total insecurity.

I am so pathetic and worthless. Somebody love me?
IANAL, but... by Anonymous Coward · 2003-01-16 04:56 · Score: 4, Funny

"If you depend on a secret for your security, what do you do when the secret is discovered?"

Doh! That's obvious - Use the DCMA to sue their butts.
MY BOX IS UNHACKABLE by zapfie · 2003-01-16 05:06 · Score: 2, Funny

My IP is 127.0.0.1. Do your worst.

--
slashdot!=valid HTML
Re:FP! ...anyway... by brejc8 · 2003-01-16 05:09 · Score: 2, Funny

Whitfield Diffie, who has probably has forgotten more about crypto than 99.9% of us will ever know, explains why secrecy does not equal security.

And he would tell us all about it if he had a mouth

--
Mouse powered Chips, Open source Processors and Lego
That's OK by Anonymous Coward · 2003-01-16 06:27 · Score: 1, Funny

Every seen how much steak it takes to bribe a Rottweiler? It's gonna cost you an arm and a leg ;)

That's OK as long as it isn't my arm and leg!
Re:So many bugs by evilviper · 2003-01-16 08:04 · Score: 3, Funny

Well, the problem is that more and more people keep showing up, despite the man with the machine gun.

--
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant