New Trusted HW Standard For Windows 8 To Support Chinese Crypto

An anonymous reader writes "A new version of the Trusted Platform Module, called TPM2 or TPM 2.0 by Microsoft, has apparently been designed specifically for the release of Windows 8 this week. The details of this new standard have been kept secret. But a major update to the original TPM standard, which came out 10 years ago, seems to have been very quietly released on the Trusted Computing web site (FAQ) earlier this month. Following in the footsteps of the original, this version is quite a challenging read (security through incomprehensibility?). But this new version also seems to support some controversial crypto algorithms that were made public by the 'State Encryption Management Bureau' of China for the first time about 2 years ago. This is roughly the time that Microsoft seems to have begun working in earnest on TPM2, Windows 8, and probably even Surface. But that's probably just a coincidence. This crypto is controversial because of serious EU concerns with domestic restrictions on the implementation, use, and importation of cryptography in China."

secret standards?

[parodyca]

How does that work

Re:secret standards?

[CanHasDIY]

The same way secret interpretations of law work, I suppose.

Good crypto is born secret, even in the US

[fustakrakich]

If it has publicly released, its usefulness is questionable.

Re:Good crypto is born secret, even in the US

[fustakrakich]

has been...

Re:Good crypto is born secret, even in the US

[Synerg1y]

No it's not, AES is public (among like 100 others), short of using a stupid password, good luck decrypting that one.

Re:Good crypto is born secret, even in the US

[PPH]

The keys are secret, the algorithm isn't.

This probably has more to do with signed crypto modules than some secret method of encryption. The Chinese probably want to build and sign their own rather than 'trust' something compiled in the EU/USA. Big deal. We'd do the same.

Re:Good crypto is born secret, even in the US

The algorithm is intentionally obscure to waste processing time as to make brute forcing it impractical.

The private key (the input to the algorithm) is obscure. The algorithm is typically public. The most widely used ones (like AES) are quite public.

You don't know what you're talking about.

Re:Good crypto is born secret, even in the US

[RCL]

Actually, why is Security Through Obscurity laughable? Don't underestimate people's psychology. If we don't know how the thing works, we usually have better opinion about its guts than they actually deserve ;) (yeah, this also works in favor of proprietary software). Moreover, if you used publicly available algorithm Foo, but disguised it so it's not obvious that it was Foo, that provides you with an additional layer of protection in case some basic flaw in Foo's design is discovered.

Also, hiding your technology costs your enemy more effort (money, time, etc) to just evaluate whether it's worth attacking you.

There were some studies on how well people solve math tasks and it was found important for people to know that the task given was at all solvable in the first place; without that a priori knowledge a lot of people gave up after the first few hours. So why provide the people (and thus, the enemy) with unnecessary knowledge?

Re:Good crypto is born secret, even in the US

[aiht]

How about NSA's Type I ciphers? They are classified TOP SECRET. Would you say they are "weak" or "badly designed?" Do you think NSA keeps them secret because they believe in security through obscurity?

Surely they keep them secret because they don't want other people/countries using them.
Or do they provide a closed implementation for everyone to use?

Re:Good crypto is born secret, even in the US

[davydagger]

could also be to ensure someone doesn't install an OS which bypasses
http://opennet.net/chinas-green-dam-the-implications-government-control-encroaching-home-pc

So you'd have the choice of a few domesticly vetted and modified Operating Systems.

microsoft my guess seems up to the task of supporitng chineese censorship at every turn in exchange for being able to do business unmolested, as they have been. I could only speculate they see censorship as a good thing, and further might be able to work it in their advantage in the future.

Re:Good crypto is born secret, even in the US

[Lincolnshire+Poacher]

The algorithm is typically public. The most widely used ones (like AES) are quite public.

Perhaps he was harking back to the days of DES, with it's obscure NSA-recommended S-boxes that no-one really understood.

They worked very well... somehow. We think.

Re:Good crypto is born secret, even in the US

[arglebargle_xiv]

How about NSA's Type I ciphers? They are classified TOP SECRET. Would you say they are "weak" or "badly designed?" Do you think NSA keeps them secret because they believe in security through obscurity?

Surely they keep them secret because they don't want other people/countries using them. Or do they provide a closed implementation for everyone to use?

They keep them secret because (a) they don't want to reveal their design principles to others and (b) because then instead of attackers being able to immediately start with attacking the algorithm they first have to spend quite a bit of effort just finding out what the algorithm is before they can start attacking it (look at all the crap crypto used in things like RFID transponders that took ages to break because the details weren't readily available). NSA also has special algorithms designed for high-risk situations where there's a chance the design details will be compromised, if one's needed then something not related to anything else in use will be pulled off the shelf and used. Skipjack was an example of a high-risk algorithm, and it did indeed end up being revealed, and it doesn't tell us anything about other NSA designs.

Re:Good crypto is born secret, even in the US

[Gr8Apes]

I'm surprised you've not been skewered, perhaps it's because there's truth in what you say, but your assumptions are way way off. "Normal people" would behave as you say. Governments and hackers operate on an entirely different level and with different motivations, so making something obscure does not deter them at all. And lastly, wrapping some public function Foo and obscuring it provides you with exactly 0 layers of protection should a flaw with Foo be found. For one example, look at all the vectors associated with the Windows WMF rendering engine, which compromised entire suites of software you weren't even aware of using that "feature", and produced what seemed years of vulnerability reports as more and more products were added to the list as additional vulnerabilities were found.

Re:Good crypto is born secret, even in the US

[RCL]

Ok, you are saying that being obscure changes nothing for governments, but may deter normal people... so the net result is still a plus?

Re:Good crypto is born secret, even in the US

[Gr8Apes]

Nope - because "Normal People" wouldn't be especially interested in the possibility to begin with. Heck, normal people didn't even nick their 3.5 floppies to get double the space, instead buying "approved" 1.44 HD floppies. You think normal people are going to be attempting to crack anything?

Re:Good crypto is born secret, even in the US

[RCL]

Still, even putting aside possible deterrent effect on wannabe hackers and script kiddies who, in my opinion, come from "normal people" (but I don't want to argue about this minor point), I don't see how "security through obscurity" is a "laughable concept" as OP asserted. Provided that you aren't developing underlying tech from scratch but consulting/employing experts in the field, a "smoke screen" around your tech is going to strengthen your security, not weaken it.

Also, STO allows you to more easily employ steganography where applicable.

China china china.

Your entire computer was made in china, what makes you think you are safe even if your crypto wasn't?

It's actually the opposite

[e065c8515d206cb0e190]

AES, used by NSA after beeing deemed sufficient for classified information: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Security

The NSA/CIA may have quite a few (a lot of) bright minds, but they certainly can't compete with the best worldwide cryptographers.

But don't let the facts get in the way of your conspiracy theories.

Re:It's actually the opposite

Which only means that people with SECRET or TOP SECRET clearance will not have the clearance to know if AES is breakable. People above these clearance levels may very well use other forms on encryption that the NSA cannot break, and may very well know AES is breakable by the NSA. It also means that NSA believes the common folk cannot break AES and decrypt SECRET or TOP SECRET information.
 
Just the devils advocate. I personally do not believe NSA can break AES. But the usage of AES for a particular clearance level proves nothing.

Re:It's actually the opposite

[fustakrakich]

I'm more inclined to believe that a one time pad is used for the juicy stuff. Now, if you wish to go around believing anything the NSA says publicly, knock yourself out, but considering their very nature, I don't..

Re:It's actually the opposite

Why would you ... say that?

Many of the world's best cryptographers work or worked for the NSA or GCHQ.

They invented and have provided proof that they had algorithms 20 years before the civilian world didn't, including PKI.

Now -- just because they once were years ahead does not mean they presently are, but part of the deal with classified systems is there's no way we could ever know until years later if the best /public/ worldwide cryptographers are ahead or behind.

Now, what we do know... is that historically, the NSA changes to the DES boxes strengthened it against a form of cryptanalytic attack that was later published. Although we cannot confirm it did not weaken it against an alternate form of attack (can't prove a negative and all).

The use of AES being sufficient for classified info really proves very little though -- we do know it's not 'good enough' for the higher forms of classification, although when put into modules it can supposedly be used up to top secret.

Now... really, what makes you think they can't compete with the best worldwide cryptographers when... well... they... hire them?

Re:It's actually the opposite

[viperidaenz]

may very well know AES is breakable by the NSA

To encrypt top secret documents with algorithms known to be breakable is negligent. If its breakable by the NSA by brute force, NSA doesn't have the worlds fastest computers, so they are not the only ones capable. If its a flaw in the algorithm, its a public algorithm, so the NSA are not the only ones analysing it.

Re:It's actually the opposite

[wonkey_monkey]

NSA doesn't have the worlds fastest computers

[citation classified]

Re:It's actually the opposite

Wrong. NSA has been doing crypto decades before the academic world got interested in it. They have a huge head start. For instance, they knew about differential cryptanalysis in the 70's, while the academic world didn't discover it until the early 90's. They knew about public key crypto several years before Diffie independently discovered it. These are only two examples, there are many more.

Second, the number of PhD mathematicians they have specializing in crypto is greater than the rest of the world's top experts combined. This means they have their own (huge) body of scientific literature on the subject that no one outside of the Agency gets to see. At the same time, they get to see all the public literature. As former NSA cryptologist Brian Snow says, "We get to cheat. We read your journals, but you can't read ours."

As an analogy, imagine that there was a secret agency doing physics in 1900. One of the physicists working for them was Max Planck. This agency discovered the quantum theory and begins unlocking the secrets of the atom. By the 1940's they have the bomb. Now imagine that the public world starts getting interested in physics and discovers quantum theory in the 1930's. It isn't until the 1970's that they get the bomb. This is about the way it is with NSA and crypto -- they have a huge head-start. A lot of the work the academic community has done has been discovered independently (and certainly much later) than NSA.

Third, AES is only approved for classified information in NSA approved systems! This means, the hardware and software implementation has to be vetted by them first (likely to prevent side-channel attacks, of which AES is notoriously susceptible). And AES is not used in any really sensitive systems. For that NSA is going to use their classified Type I ciphers.

Re:It's actually the opposite

[Miamicanes]

There's obvious proof that the NSA doesn't have the fastest computers on earth -- they aren't a Wall Street trading firm.

Nobody on EARTH spends more staggering amounts of cash on endless tiny incremental upgrades to ensure that their computers are always the fastest computers on earth. They develop their own FPGA-accelerated algorithm accelerators that are hand-tuned to execute their algorithms faster than even the fastest general-purpose computer hardware.

The NSA? They buy Wall Street's cast-offs, and have the SECOND-fastest computers on Earth.

Re:It's actually the opposite

[wonkey_monkey]

they aren't a Wall Street trading firm.

Would you know if they were?

They develop their own FPGA-accelerated algorithm accelerators that are hand-tuned to execute their algorithms faster than even the fastest general-purpose computer hardware.

So what you're saying is, for those specific purposes, they may have the fastest computers on Earth? ;)

Re:It's actually the opposite

[Gr8Apes]

Perhaps you are unaware that NSA gave us SHA-1, SHA-256 and DSA. The reason NIST holds public competitions is so that the tin-foil hatters wont get in an uproar about NSA creating a "backdoored' standard. It also helps satisfy foreign entities who wouldn't feel comfortable with America controlling and creating such a standard. The fact that anyone from any nation can submit ciphers helps ease this suspicion.

I would agree that the "backdoored" standard is a real threat. Just look at things like chipsets from China with backdoors built in. Kind of reminds me of the TPM initiative. I'm sure there are plenty more.

TPM Of Evil

[girlintraining]

Well guys, I don't know about you, but I have only one question: Is it a separate chip on the motherboard? Because if it is, I'm hosting SMC desoldering classes the day this thing hits the market. Who'd have thought the day would come when we'd have to modchip our own damn computers...

Re:TPM Of Evil

[mlts]

I'm too lazy to bother. From what I read, TPM 2.0 will work similar to 1.2. Which means on desktop computers, it ships off, unknowned, and disabled. No need to worry/care about it.

Re:TPM Of Evil

[mlts]

Correction, unowned and disabled.

TPMs do provide some good security for what they are worth. Not perfect, but it helps immensely with laptops, because if done right, a thief has to be able to get in via the OS, as well as have the proper PIN [1], and perhaps even a USB flash drive with a keyfile on it in order to boot.

[1]: Too many wrong guesses, the TPM won't accept any PIN requests for x amount of time, the value doubling each wrong time.

Re:TPM Of Evil

[fuzzyfuzzyfungus]

Well guys, I don't know about you, but I have only one question: Is it a separate chip on the motherboard? Because if it is, I'm hosting SMC desoldering classes the day this thing hits the market. Who'd have thought the day would come when we'd have to modchip our own damn computers...

Depends on the implementation. Some TPMs are not exactly hard to remove(that riser card on the LPC headers is sold as an option for that particular motherboard, so they made it easy to add or remove.

Some, like the chip on which that Asus module is based, or a bunch of the Infineon and Atmel ones, are reasonably civilized TSSOPs. Not hard to remove, allegedly packaged to be hard to tamper with at a chip level; but it's your problem if the firmware/BIOS/whatever flips out and refuses to do anything until the TPM is restored(and each one has a unique, and kept secret from you, RSA key burned in, so you have fun cloning/impersonating it to a hostile chipset...)

If, on the other hand, you have a system with something like the Intel GM45 chipset, you'd better have your microscope and ion beam ready because the TPM is on the same silicon as the motherboard chipset.

The TPMs from the likes of Broadcom are somewhere in the middle: They are integrated directly with some of the company's ethernet(and possibly other; I'm only familiar with the ones in some GigE products) chips; and aren't exactly going to be trivial to remove; but your computer will still work if you take a screwdriver to that part, unlike the Intel ones.

Re:TPM Of Evil

[IamTheRealMike]

Don't be ridiculous. You don't have to modchip your motherboard. The TPM chip is, and always has been, something that provides services to the CPU on demand. It can't control your computer. The computer you're using now probably has one already and it may be used for such nefarious purposes as making disk encryption more secure.

Trusted computing has a needlessly bad rap because of kneejerk reactions like this one. In fact it's a flexible and general tool that can be used for many purposes. For example, you can use it to do sensitive operations on a computer compromised by malware. Games can use it to kick out cheaters. Things get especially interesting when you throw Bitcoin in the mix. It makes feasible autonomous agents, a form of evolutionary AI in which programs maintain their own wallets and rely on trusted computing technologies to protect them from potentially malicious humans who want to steal their money. You can also use it to make sensitive financial platforms like exchanges more secure against hackers. The actual cryptography needed to move money can be done inside the secure world with the root keys being held in the TPM chip. The secure code (PAL) verifies and sanity checks the requested operations. Even if the host machine is completely rooted and starts submitting false orders, it can only submit requests to the secure subsystem, it can't directly steal the money.

Remote attestation is useful any time somebody might want to trade or interact with you but have some assurances around how your computer may behave. DRM was one of the original driving motivations indeed, but even here the way the system works is not "evil" in any sense unless you have a truly warped idea of human relations. The technology lets you prove to some online store that you will follow the rules around using the stuff you're buying - like not simply uploading it to a file sharing network. But if you don't find the terms that store requires acceptable, you just don't shop there: they can't actually force you to run any software or put your computer into any particular state. In other words it lets you prove you are doing what you said you'd do, alternatively, it is designed to make it hard to lie - just a mechanical way to enforce contracts. Unless you're routinely in the habit of defrauding people you enter into contracts with, such a capability should not concern you. And the standards are completely open. You can run such an online store on your own Linux box in your bedroom if you like - there's nothing that tips the playing field in favor of Microsoft or other companies (which is why Bitcoin agents can use it).

Re:TPM Of Evil

[TubeSteak]

Trusted computing has a needlessly bad rap because of kneejerk reactions like this one. In fact it's a flexible and general tool that can be used for many purposes.

Because I'm lazy, I'll just copy and paste a comment I made in another thread about TPM

Ever since TPM was created, we're always just a few bits and bytes away from having it leveraged against us, by them.
And by "us" I mean "the computer users."
By "them" I mean "the hardware manufacturers and software/media companies."

Example: The newest motherboards don't *need* the ability to disable trusted boot. Heck, it'd have been easier to not include it!
We're more or less at the mercy of a small number of companies and their design decisions.

Re:TPM Of Evil

[fuzzyfuzzyfungus]

" they can't actually force you to run any software or put your computer into any particular state."

It certainly is a good thing that nobody involved in computers, software, internet services, etc. has any significant market power... Also good that nobody would ever attempt to mechanically enforce a contract that gives them greater rights than contract law allows(this is why, for instance, DRM systems never trample on fair use rights...)

Definitely nothing to worry about.

Re:TPM Of Evil

[plover]

Don't be ridiculous. You don't have to modchip your motherboard. The TPM chip is, and always has been, something that provides services to the CPU on demand. It can't control your computer.

It can, however, be used to authenticate the BIOS image and the host OS, and completely refuse to run if the machine isn't running a stock BIOS with a manufacturer-signed OS. It's great for securing industrial controllers, web servers, tablet PCs, smartphones, routers, laptops, notebooks, netbooks, embedded systems, desktops, and home entertainment systems who are obviously owned by people just trying to pirate stuff. But no, it doesn't control your computer. Dell and Microsoft do that.

Controversial crypto... Wait, what?

[JaredOfEuropa]

This Chinese crypto is controversial "because of serious EU concerns with domestic restrictions on the implementation, use, and importation of cryptography in China". That doesn't explain much. As I understand it, TPM cannot be deployed in China because of restrictions on crypto in that country.
Does this addition enable deployment of TPM in China? (I'd expect it would, why else add it)
Is it controversial because this specific algorithm has a backdoor, giving Chinese users a false sense of security?
Is it controversial because this algorithm has a backdoor, giving the Chinese government a way to subvert TPM in any device?

In short, I have trouble understanding what the hubbub is about.

Re:Controversial crypto... Wait, what?

[mlts]

I was unclear either. I was thinking it included some Chinese crypto algorithms that were previously secret similar to how Clipper/SKIPJACK were in the 1990s.

If the TPM chip contains additional crypto algorithms, big whoop. They wouldn't be useful for Western stuff, but for Chinese stuff, would be important (since they want their own AES for example.)

That is the only real thing I can think of which the EU would be concerned about.

Re:Controversial crypto... Wait, what?

[Chrisq]

I was unclear either. I was thinking it included some Chinese crypto algorithms that were previously secret similar to how Clipper/SKIPJACK were in the 1990s.

If the TPM chip contains additional crypto algorithms, big whoop. They wouldn't be useful for Western stuff, but for Chinese stuff, would be important (since they want their own AES for example.)

That is the only real thing I can think of which the EU would be concerned about.

I'd double encrypt with the NSA and Chinese algorithms. I don't trust China or America but I can probably trust them not cooperating to snoop data.

Is it controversial because MS can shut down

[Joe_Dragon]

Is it controversial because MS can shut down china and make them pay for software.

The most interesting part

[Citral]

From the FAQ: "TPM 2.0 is intended to be usable for a very broad range of platforms from embedded systems to mobile devices to PCs to servers." In other words, TCG is not dead but actively pushing TPMs to new platforms.

A use case: in case of theft, the permanent storage of your device can be protected against reading the flash memory (of course, assuming your device is locked in the first place) in the same fashion as Bitlocker works on PCs. The secret key with which your corporate data is encrypted can be stored in the TPM bound to a password and/or PCRs. (Assuming, of course, that the TPM itself is not hacked using physical attacks (DPA, etc.). But at least, it raises the bar for the average thief.)

The TPM has non-DRM uses

[johndoe42]

If you ignore all the weird DRM-ish uses (which are basically unsupported for now anyway [1]), the TPM makes a nice cryptographic token. Unfortunately, TPM v1.1 hard-coded the OAEP label to "TPM", which made it incompatible with everything. TPM v2.0 fixes this -- the label is now user-specified. That means that you can use it for modern hardware crypto (sadly, using SHA-1, which should be phased out).

[1] For meaningful DRM, you need an endorsed TPM, which most vendors don't provide. See http://www.privacyca.com/ekcred.html

Re:The TPM has non-DRM uses

[IamTheRealMike]

I think that page is wrong, most TPMs do have EKs. Infineons certainly do and IIRC they're the most popular model. However this does not change your point that the DRM use case was never really functional and work on it seems to have been largely abandoned, perhaps due to the staggering complexity involved.

Making DRM work for things like movies was probably always going to be a non-starter on platforms as heterogenous as the PC. To make it work there'd have needed to be not only unbelievably tight synchronization between what are effectively two different operating systems running in parallel (using hardware virtualization) but also trusted paths through to the video and sound chips, that is, you have to be able to encrypt video/audio data to the hardware without the drivers or OS controlling access being able to actually read that data. Then if you want to close the analogue hole the hardware has to enforce that you play audio via some kind of Cinavia like watermarking engine. It's just an incredibly difficult engineering problem and in the end Microsoft (who was driving most of that use case) lost interest and focused on the Xbox 360 instead, which implements basically the same thing but without the need to support lots of random hardware and software combinations, or work with standards bodies. It works a lot better as a result.

Why does Slashdot hate China?

[AmiMoJo]

Over the least few months there has been a relentless barrage of negative stories about China. Many commentators seem to assume that any technology China has is stolen, all Chinese products are cheap crap and contain government backdoors, and all Chinese people are somehow brainwashed by the government.

China is a big place. There is a huge diversity of people. They have some really strong R&D, lots of good scientists doing cutting edge work. They make some damn good products, for example world class hifi gear.

This crypto standard is open, peer reviewed and seems reasonably solid. Obviously, like all encryption, it will be under continuous scrutiny. As for back doors, considering the US record on attacking other country's IT infrastructure the Chinese are the ones who should be worried.

Re:Why does Slashdot hate China?

[poity]

It's a hive of cynics. Are the negative stories about China really all that different from negative stories about the US?

This is a TCG/TPM-Lib thing. Not a MSFT thing.

[slew]

The headline is slighly misleading. It's not MSFT's spec, it's the Trusted Computing Group (TCG) and their TPM spec.

One of the goals of the new TPM spec was to allow a better way to replace some algorithms because the original TPM spec entangle SHA1 hash in such a way (with the PCR extension mechanism) that it was difficult to replace that hash algorithm when weakness was discovered that algorithm and people wanted to replace it. Once you change the design and open that up you should probably include the usual suspects.

Some interesting additional algorithms added to the support library were SM3_256 and SM4 (the hash and symmetric key algorithms mandated for use in chinese DRM), WHIRLPOOL512 (hash function from NESSIE). In addition of the normal RSA public key stuff, they've also added ECC, ECDSA, ECDH, ECDAA, ECSCHNORR (a smattering of ellipitic curve based standards) to the mix in order to help gain acceptance in those markets that want/need shorter key lengths that are available to EC-derived algorithms that presumably have similar security to their RSA counterparts with longer keys.

Interestingly, although they include the SHA2 family of hash functions as an SHA1 upgrade, the newly minted SHA3 was strangely absent. Also, I don't think they have included SM2 (the chinese ECC signature technique), but that's probably just an oversight. I expect both of these omissions to be remedied with the next release.

Re:Chink in the Armor?

[BoRegardless]

I take this categorization of my post as an honor. The fact that Microsoft would deal this way with China indicates China has virtual monopolistic power over the products they allow into China when they choose to do it.

I personally do not think the Chinese can be trusted and would not believe they would play fair. For god's sake, there are people in their country who make fake baby formula and medicine which have killed people. There is no way I can trust them.

These oppressive govs have high level crypto.

[__aasehi2499]

So why can't the people of these countries have high level crypto too, so that these oppressive govs can't oppress them any more by reading their electronic communications and stored documents???

Re:Security through obscurity flawed saying

[Chrisq]

Whenever I hear people say "security through obscurity is no security at all" like some mantra first I laugh and then I remind them that passwords are an instant counter argument; the passwords, "password" or "12345678" are not obscure and thus suck. The password "g*&Gug®¥øç¥" on the other-hand rocks (Other than being really hard to remember or type)

Well if you are going to ignore the accepted and industry standard meaning of terms you can laugh at anything. Saying that passwords are "security through obscurity" is like saying "booting windows is a bad idea because you might break them". See Kerckhoffs's principle: "Stated simply, the security of a cryptosystem should depend solely on the secrecy of the key and the private randomizer.[Another way of putting it is that a method of secretly coding and transmitting information should be secure even if everyone knows how it works. "

Re:Security through obscurity flawed saying

[WhiteDragon]

And lastly good luck breaking into my safe if I don't tell you where it is or what the combo is.

No problem. Just have a 3-year-old open it.

Re:Security through obscurity flawed saying

[EmperorOfCanada]

Ah but that is exactly what groups like the NSA do. They use algorithms that nobody knows. I suspect, and would bet, that they have crack teams working on cracking known algorithms in order of popularity. The mere fact that their system is unknown or obscure gives it extra security. If they crack any of the better know algorithms I doubt they will go Eureka!, quick, publish our crack in CS101 magazine. But good luck cracking theirs the one that you don't even know exists. It might have some big holes but they are obscured.

If you look at the history of hacks they usually depend on bad security implementation of well known systems. So an SQL injection attack works best if your database is using a well known SQL. The same vulnerability of the poor cleaning of input doesn't work as well if you use an obscure database, say adabas. The hacker would have to first identify the odd database and then cobble together the injection. The same with OSs. Windows his generally hacked first due to its very commonality. Mac is probably next, then linux, and then BSD. In reverse order of obscurity. Thus if I needed a super secure system I check out BSD first just for that reason alone. Plus it seems that BSD has attracted the most paranoid types.