On Fri, Nov 5, 2010 at 2:00 AM, Geoff Worboys
<geoff@...> wrote:

> Dalton Calford wrote:
>> There are other areas I would like to see worked on before
>> anyone tries encryption.
>
> <cynic mode>
> Now, now, Dalton.  There is no point in trying to be sensible
> here.  No one actually wants good security, they simply want
> to be able to put "AES encrypted" on their sales blurb.
> </cynic mode>
>
>> [...]
>> but this discussion has really been going on a long time and
>> until someone does the work or pays for it to get done, it
>> will never end.
>
> I often wonder how many have just quietly taken the existing
> code and implemented encryption for themselves - as Dmitry
> pointed out, the basic interface is already there and has been
> for a long time.  If I had needed to add encryption it's what
> I'd have done, a neat closed source solution done quietly so
> that no one could pick at it.  The security would not have been
> perfect but the obscuration possible with closed source could
> have made it something fairly useful.  (There are some things
> that open source is not good for, and keeping secrets about the
> code is one of them.)

security by obscurity is obscurity not security , there are
decompilers , disassemblers so i wouldn't sleep too well

http://www.schneier.com/crypto-gram-0205.html#1
http://en.wikipedia.org/wiki/Security_through_obscurity#Arguments_against

>
> --
> Geoff Worboys
> Telesis Computing
>
>
>
> ------------------------------------
>
> Yahoo! Groups Links
>
>
>
>