Dr Skip wrote:

> wouter van ooijen wrote:
>> Another prime directive of cryptografy: security by obscurity is no
>> security at all. 
>> 
> A nice cliche, and with automated tools in a computer environment, there
> is some truth to that, but the difference is in the extremely limited
> time and 'processing power' which will be applied here. 

I agree. This "no security by obscurity" is one of those popular "truths"
where it seems to me that people forget the exact conditions where this is
true. No general rule can replace the need to check the exact requirements
and whether any given solution meets them. 

There are two other principles, and it always is worth checking them:
"nothing is 100% secure" and "secure enough is secure enough" :)

Gerhard

-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist