Re: [Hampshire] Your Set Up

Author: Andy Smith
Date:  
To: hampshire
Subject: Re: [Hampshire] Your Set Up

gpg: Signature made Sat Feb 24 18:43:24 2007 GMT
gpg: using DSA key 2099B64CBF15490B
gpg: Can't check signature: No public key
On Sat, Feb 24, 2007 at 06:14:45PM +0000, Adam Trickett wrote:
> On Saturday 24 February 2007 17:57, Andy Smith wrote:
> > Security through obscurity gets an undeservedly bad name. The
> > original quote "security through obscurity is an illusion" was
> > strictly in the context of crypto algorithms, not meant to apply to
> > the whole arena of security in general.
> >
> > In the real world it is used a lot, and not always foolishly.
>
> The problem with security through obscurity is that it's always best to assume
> that the attacker knows at least as much as you do. In which case security
> through obscurity is no security at all.


Against that particular attacker, yes. However, against the entire
community of attackers IMHO it has great value, allowing one to focus
one's resources on the smaller group who do know as much as you
about the design of the system.

For example, should the military keep the floor plans of its important
bases and the deployment of its units secret? Should an
organisation publish the plan of its internal network? Should we
all publish our firewall rules? Was "loose lips sink ships" poor
advice?

If the obscurity is all that is relied upon then it's very fragile.
But it's still a valid technique in combination.

Schneier has more to say:
http://www.schneier.com/crypto-gram-0205.html#1

Cheers,
Andy

--
http://bitfolk.com/ -- No-nonsense VPS hosting
Encrypted mail welcome - keyid 0x604DE5DB

My words are my own and do not represent Jacqui Caren.