Subject Re: [firebird-support] Re: Undocumented internal encrypt/decrypt in FB
Author Julio César Carrascal Urquijo (MCTS)
On 7/18/07, Geoff Worboys <geoff@...> wrote:
> Firebird is an open-source project. Any attempt to put data
> obfuscation code into open source means that the result is no
> longer obscure. It becomes fast and easy to break any
> "security" achieved, indeed someone will probably build such
> a solution and make it available for download.
>
> If you want any chance of security by obscurity you must do it
> outside the open source - the Firebird developers cannot do it
> for you.

I'm sorry to interrupt, but this subject really interests me.

Kerckhoffs's Principle
In cryptography, a system should be secure even if everything
about the system, except for a small piece of information
— the key — is public knowledge.

From what I understand, PenWin's proposal is to embed the key in the
application's executable. That would be the only part of the system
depending on security by obscurity. The rest would be standard
cryptography routines. That's not obfuscation by any means.

--
Julio César Carrascal Urquijo
Microsoft Certified Technology Specialist
http://jcesar.3stecnoinformatica.com/