Re: Re: How secure is XOR encryption?

that is Security through Obscurity which is a bad thing to rely on.

You've stumbled across a pet peeve of mine. Despite what Elias Levy preaches unto the masses, "Security through Obscurity" is not a bad thing.

Consider a basic staple of security, the username/password combination. This is obscurity. You are betting that someone will not guess that combination. Granted, you should restrict access to certain hosts, have layers of security, proper logging to detect password cracking and other bad stuff, blah blah blah, but if someone guesses all your 14 character lowercase uppercase alpha numeric passwords (with that exclamation mark at the end, yes I know ;) on the first shot, you're probably screwed.

There is nothing wrong with this though, security is just Playing the odds and chances are, if you pick good passwords and follow some basic practices, you're system will be compromised via some other method :).

I should also note that many people, possibly including you, might say I'm bending the meaning of the term a bit. They only use the term "Security through Obscurity" to refer to the belief that if the details of a system are not made publicly available the system will be more secure. People who hold this belief sometimes also suggest that vulnerability details should be restricted to vendors and a small number of people. While I do believe that giving too much information out does make it more likely that your system will be compromised, I do not believe restricting vulnerability disclosure would be a good idea. Giving a little notice to the vendor is polite though.

Comment on Re: Re: How secure is XOR encryption?

Replies are listed 'Best First'.
Re: Re: Re: How secure is XOR encryption? by Dog and Pony (Priest) on Apr 26, 2002 at 13:00 UTC
I understand what you mean, and don't really disagree, but that is just semantics. People do know what you mean; it is like when people say that "drinking is bad for you, or for your brain", they don't mean that all intake of liquid is bad (it is after all a necessity). Even though it may seem a silly example, context is the key to most of our communication, although a certain expression may not be "true" verbatim. You did know, as did most others, exactly what I meant, and as an expression, in this context, it means the subset described approximately in the link I gave to the Jargon files. And no, I will not battle you over it, really. I just couldn't resist. Heheh. Like I said, you are correct, also. :) You have moved into a dark place. It is pitch black. You are likely to be eaten by a grue.	[reply]
Re: Re: Re: Re: How secure is XOR encryption? by cjf (Parson) on Apr 26, 2002 at 18:06 UTC
I understand what you mean, and don't really disagree, but that is just semantics. Exactly, it is just semantics. People often misuse the term "Security through Obscurity" and it generates a lot of confusion. This leads to the attitude that you shouldn't hide any information about your system and that obscurity is a bad thing when it comes to security. Both of which are not true. From the Jargon file on "Security through Obscurity": A term applied by hackers to most OS vendors' favorite way of coping with security holes -- namely, ignoring them, documenting neither any known holes nor the underlying security algorithms, trusting that nobody will find out about them and that people who do find out about them won't exploit them. As you can see, this has very little to do with many common usages of the term. And no, I will not battle you over it, really. Well that's no fun ;-).	[reply]
Re: Re: Re: Re: Re: How secure is XOR encryption? by Dog and Pony (Priest) on Apr 27, 2002 at 01:07 UTC
This leads to the attitude that you shouldn't hide any information about your system and that obscurity is a bad thing when it comes to security. This we can definetely agree on - this is not what I want. I've seen some people advocate this, and I think that is downright stupid. The mere fact that a hidden item might be discovered definetely doesn't mean that it should be paraded on display. It is like saying a protected jewel might be stolen, so we might as well give it away. On the other hand, those that draw that conclusion from those arguments... well, they will have a hard time keeping security, so hopefully evolution will prevail on this one. :) this has very little to do with many common usages of the term. I disagree. The common usage is the one I used, in this context. Or at least, that is my perception. And as far as that goes, Your Kilometrage May Vary (YKMV). ;-) Well that's no fun ;-). Ah darn it, Let's fight! wide grin You have moved into a dark place. It is pitch black. You are likely to be eaten by a grue.	[reply]