Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This makes me think that it might be good to have a "security by obscurity" layer on top of the existing security layer. A big weakness of a public security protocol is that a huge government might privately crack it and tell nobody.


On the other hand, without peer-review your obscure system could be trivially cracked once the government has an interest in it.


Not advocating non standard crypto, but if the system is at least somewhat good ( that is, not susceptible to automatic attacks), it would keep a actual human busy. And you don't loose security, assuming that the cyphertext of the obscure system is again encrypted by a well established cypher.


It's important to note that even using well-tested, hardened crypto-primitives, you can still design an insecure system.


Absolutely. ( This will serve as a reminder, that one should even be careful talking about crypto. ;)


As a professional scientist: One should be very careful about using peer review as a mark of quality. It's not necessary nor sufficient.


It's not bullet-proof, but if you are the only person evaluating the system, then you've only protected it against the attacks that you can think up, and not against the attacks the other people can think up.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: