We’ve been thinking about it wrong: The norm has been Insecurity by obscurity
The Crypto AG CIA backdoor story (2020) clarifies to me much of the never-ending flood of “outlaw strong crypto” thinkpieces and “lawful access” (a/k/a mandated backdoors) proposals.
Expanding this further, you might also frame this as surveillance by obscurity.
Or the whole suite of information-monopoly vices: surveillance, censorship, disinformation, propaganda, manipulation.
All rely on a level of indirection between the target and the attacker, and on systems whose malicious behaviour is brokered by a not-immediately-apparent flaw.
All security is security by obscurity.
@TransGal4872 The term has a meaning within the art, and that meaning says you and hhardy are wrong.
Security through obscurity (or security by obscurity) is the reliance in security engineering on design or implementation secrecy as the main method of providing security to a system or component. Security experts have rejected this view as far back as 1851, and advise that obscurity should never be the only security mechanism.
When I say this is basic long-rejected stuff, I mean century-and-a-half-and-some old.
Which is why the question bores me.
"Security by obscurity" means that knowledge of the method alone is sufficient to compromise a system.
Keyspace search for a sufficiently large keyspace is intractable. The universe will die before you find the key.
With a cryptographic / system compromise, any key is equally insecure, in that 1) defeating the protection is viable and 2) in some sort of reasonable time or expense.
E.g., no matter the size of your alphabet shift, a Caesar's cipher is insecure.
By your logic, OTP is insecure if you know the pad. The point is to not reveal the pad.
@dredmorbius I think I said that it was a bit of a stretch on both parts of the stated problem; I was just saying that hhardy’s point was valid though malformed.
@TransGal4872 The point is not valid.
I'm beyond bored already.
Can you give any counterexample, please?
@hhardy01 Strong crypto.