This means the crypto algorithm needs to be widely known. Since there's a thorough lack of theoretical foundations for cipher security, the security of a cipher is determined by having a lot of very smart and knowledgeable people try to come up with attacks, even if they're not practical (attacks on ciphers always get better, never worse). Anybody can create a cipher they can't break, but not everybody can make a cipher Bruce Schneier can't break. This normally means using industry-standard crypto that numerous experts have looked at. In order to do that, you have to have confidence in everything but the password. This means you have a much smaller area open to attack, and can concentrate on securing the passwords. If you've got a properly encrypted AES channel, you can let the bad guys see everything about it except the password, and you're safe. Good security is about keeping the stuff you have to keep secret to a minimum. So, actually, much of security is about obfuscating something. Currently, biometrics aren't good at finding who you are, and there's always going to be problems with it (fingerprint readers for somebody who's been in a bad accident, forged fingerprints, etc.).
Security is about letting people in or keeping them out depending on what they know, who they are, or what they have. In other words, the more algorithms you use to identify messages the less effective it becomes, which goes against the normal criticism of security through obscurity.
Last year I came across a story that Researchers Calculate Capacity of a Steganographic Channel but the really interesting thing about this is: The biggest problem in steganalysis is identifying whether or not a message is there or not, making this security through obscurity. One of the more interesting developments in recent years has been the risk of steganography, which is the practice is hiding message in images, sound files or some other medium. Only organisations like the NSA, which has a significant budget and staff of mathematicians, can get away with this kind of approach. Some people hide their cryptographic algorithms but this is considered a dangerous practice because then such algorithms haven't gone through the same scrutiny. Algorithms for encyrption are typically widely published, analyzed by mathematicians and, after a time, some confidence is built up in their effectivness but there is never a guarantee that they're effective. A typical principle in cryptography is that a message is unknown but the contents are not. It is (rightly) maligned as a substitute for effective security. If ISNs can be guessed (due to predictability, CWE-330) or sniffed (due to lack of encryption, CWE-311), then an attacker can hijack or spoof connections. The design of TCP relies on the secrecy of Initial Sequence Numbers (ISNs), as originally covered in CVE-1999-0077. Note that the examples here are by no means exhaustive and any given weakness may have many subtle varieties, each of which may require different detection methods or runtime controls.
The following examples help to illustrate the nature of this weakness and describe methods or techniques which can be used to mitigate the risk. Note that obscurity can be one small part of defense in depth, since it can create more work for an attacker however, it is a significant risk if used as the primary means of protection. This reliance on "security through obscurity" can produce resultant weaknesses if an attacker is able to reverse engineer the inner workings of the mechanism.
0 kommentar(er)
