Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Concepts: Security and Obscurity

From: ericfurman () fastmail net
Date: Tue, 10 Apr 2007 11:24:27 -0400
On Wed, 4 Apr 2007 23:27:47 -0400, "Daniel Miessler"
<daniel () dmiessler com> said:


On Apr 4, 2007, at 3:55 PM, Pranay Kanwar wrote:


"Kerckhoffs' principle applies beyond codes and ciphers to security
systems in general: every secret creates a potential failure point.
Secrecy, in other words, is a prime cause of brittleness&#8212;and therefore
something likely to make a system prone to catastrophic collapse.
Conversely, openness provides ductility."


Thanks for commenting, Pranay. I would argue, however, that this  
applies to situations where the security of the system RESTS on  
secrecy, not when the security of the system is independent of any  
secrecy as a layer. I just don't see any practical, real-world  
downside to systems such as SPA or Portknocking when they sit in  
front of daemons that have already been significantly secured.


So, I am going to add a piece of software to protect my other pieces
of software from attack? If you can prove that this new piece of
software does not provide some new avenue of attack, I might
tend to agree. Until then....
Previous By Date Next
Previous By Thread Next

Current thread: