We are constantly trapped in a negative loop regarding "encryption in Open
source code:

#1. the example of somebody trying to "stop casual browsing" of distributed
database by encryption is brought up (again and again)
#2. then it would be pointed out that obscurity is what is needed,
encryption does not serve any purpose in that situation
#3. then a voice would yell out to ask people stop asking for something
that's useless. Since we're discussing "database encryption", this voice
would basically give me an impression of "database encryption is useless,
stop asking for it in open source project".

Please, please, please! Please be noted that not everybody tries to use
encryption where obscurity is the need, encryption does serve it's own
serious purpose, Stop changing topic!

Thanks a lot.



On Fri, Nov 5, 2010 at 3:30 AM, Geoff Worboys <geoff@...

> wrote:

>
>
> marius adrian popa wrote:
> > security by obscurity is obscurity not security , there are
> > decompilers , disassemblers so i wouldn't sleep too well
>
> > http://www.schneier.com/crypto-gram-0205.html#1
> >
> http://en.wikipedia.org/wiki/Security_through_obscurity#Arguments_against
>
> I don't disagree - but obscurity still does work a lot better
> in closed source than in open source, which was my main point.
>
> I've used disassemblers, they are very much a professional's
> tool (it's not like you get nicely commented source code from
> them), so for some of the requests we've seen ("stop casual
> browsing") such obscurity is likely to be sufficient. They've
> just got to learn to stop asking for it to appear in open
> source as that rather defeats the purpose ;-).
>
> --
> Geoff Worboys
> Telesis Computing
>
>
>

[Non-text portions of this message have been removed]