Jan-Erik Soderholm wrote:
> On 2010-04-25 16:40, Isaac Marino Bavaresco wrote:
>
>   
>> This expression refers to algorithm obscurity. Of course there is always
>> some secret, isn't the cryptographic key a secret?
>>     
>
> No (end yes).
>
> Modern crypto uses two keys, one secret (that you never
> distributes) and one public that is used to encrypt
> data sent *to* you.
>
> When sending *from* you to someone else, you simply use
> the other parts public key (you do not need the other
> parts secret key, of course).
>
> The only keys that are ever transfered are public keys so
> that can be put on some webpage or similar...
>
> http://en.wikipedia.org/wiki/Asymmetric_key_algorithm
>
>   
The point is that the algorithm, the method isn't secret. Only the 
private key.

Mifare and other systems such as analogue cable scrambling were secret. 
There was no real security once the method or algorithm was known. It 
doesn't just apply to cryptography. A lock that depends on people not 
knowing how it works isn't secure once it is distributed someone can buy 
it and take it to bits and then devise a method to defeat it.

Criminals have been known to buy latest model "safes" etc. Your security 
must work even when Moriarty has the schematic.
-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist