You are right Sean, and of course there IS a huge advantage in encryption obscurity. The "encryption community" seem to worship the standard systems and for very obvious reasons. They are mainly employed by firms that make products to support these standard systems, or by govt agencies to make tools to use and/or decipher the standard systems used by hopefully everyone.

The focus of the article itself was on "standards" as such, i.e. the cryptographic community are largely employed making "standards" which are then licensed etc to the end user. These people rarely build actual DEVICES. The truth is that encryption by obscure algorithm can be MUCH more secure, although much less licensable. :o)

Both the private sector cryptographers and govt people have much to gain from everyone using the accepted "standard" systems. With modern high speed computers any teenager can scramble data so badly that it can never be unscrambled (unless algorithm and key are known). Fact. Use of non-standard algorithms gives an enormous headache to those that would like to decipher the data, where do they start? The millions invested in people and tools to break the standard systems are relatively useless.

The MOST secure systems utilise redundancy (hardly ever used anymore) to add redundant (crap) data into the file. They also encrypt the entire file as a whole, so there is no starting point to compare one block to another which is a common way of deciphering data. By comparison, the "standard" systems usually avoid redundancy and also encrypt data in small chunks (on the fly) which is more suitable for incorporating in stream communications like the internet etc. But NOT as secure.

As a crude example all you need to do is use a key longer than the message, with a simple rotary substitution. About 20 lines of Basic. The scrambled data can NEVER be decrypted unless key is known, and data is 100% safe from interception.
The people who have stated that DES etc are the most secure system are simply wrong, the real benefits of DES and other similar systems come from ease of use in stream communications and public/private key systems etc, and it also offers an ACCEPTABLE level of encryption. In short, the standard systems are superior mainly from ease of use and benefits of standardisation, NOT because they are safer. These people WANT you to believe that the standard is the best, they don't want people sending stuff back and forth using non standard algorithms, because they just wouldn't have a prayer of ever deciphering anything. :o)

-Roman

Sean H. Breheny wrote:
>
> I don't understand why he doesn't consider there to be a small advantage to
> obscurity. If you add an obscure layer (as I suggested several days ago)
> and still have a published crypto layer (with the established layer
> embedded within the obscure one), you get at least as good security as the
> published method WITH the obscurity of the other method. This certainly
> helps decrease the chances that the other side will be able to decipher
> your message.
>
> Sean
>
> At 08:41 AM 5/17/02 +0100, you wrote:
> > >Hi,
> > >now here's a tie in if ever :)
> > >
> > >Secrecy, Security, and Obscurity:
> > >
> > >http://www.counterpane.com/crypto-gram-0205.html#1

--
http://www.piclist.com hint: The PICList is archived three different ways. See http://www.piclist.com/#archives for details.
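
The "key longer than the message, with a simple rotary substitution" scheme mentioned in the message above, as an added example in Python (not code from the post or the thread). It assumes the key comes from a cryptographic random source and is used for one message only; all function names and sample messages are constructed for illustration, and the last two functions show what the ciphertext does and does not reveal under those assumptions.

```python
import secrets


def make_key(length: int) -> bytes:
    """Draw a key from the OS CSPRNG (assumption: one fresh key per message)."""
    return secrets.token_bytes(length)


def rotate(data: bytes, key: bytes, direction: int = 1) -> bytes:
    """Rotary substitution: shift every byte by its key byte, modulo 256."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the message")
    return bytes((d + direction * k) % 256 for d, k in zip(data, key))


def encrypt(message: bytes, key: bytes) -> bytes:
    return rotate(message, key, 1)


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return rotate(ciphertext, key, -1)


def key_for(ciphertext: bytes, candidate: bytes) -> bytes:
    """Key under which `ciphertext` decrypts to `candidate`.

    One exists for every candidate of the same length, which is why a single
    ciphertext gives an interceptor no way to prefer one plaintext over another.
    """
    return bytes((c - m) % 256 for c, m in zip(ciphertext, candidate))


def reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Byte-wise difference of two ciphertexts made with the SAME key.

    The key cancels out, leaving (plaintext1 - plaintext2) mod 256, so the
    guarantee above is lost as soon as a key is used twice.
    """
    return bytes((a - b) % 256 for a, b in zip(ct1, ct2))


if __name__ == "__main__":
    m1, m2 = b"MEET AT NOON", b"MEET AT DUSK"   # constructed sample messages
    key = make_key(len(m1))
    c1, c2 = encrypt(m1, key), encrypt(m2, key)  # second use of key is the mistake
    print("round trip ok:", decrypt(c1, key) == m1)
    print("other plaintext fits too:", decrypt(c1, key_for(c1, m2)) == m2)
    print("leak from key reuse:", reuse_leak(c1, c2).hex())
```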