*BSD News Article 62765


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!newshost.telstra.net!act.news.telstra.net!psgrain!sjsumcs.sjsu.edu!wetware!nntp-hub.barrnet.net!nntp-hub2.barrnet.net!news1.digital.com!decwrl!sdd.hp.com!swrinde!newsfeed.internetmci.com!quanta.com!rsww
From: rsww@quanta.com (Ross S. W. Walker)
Newsgroups: comp.os.linux.misc,comp.os.linux.development.system,comp.os.linux.networking,comp.unix.bsd.bsdi.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.freebsd.misc
Subject: Re: need secure OS to entrust millions to
Followup-To: comp.os.linux.misc,comp.os.linux.development.system,comp.os.linux.networking,comp.unix.bsd.bsdi.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.freebsd.misc
Date: 4 Mar 1996 01:45:19 GMT
Organization: Quanta Communications, Inc.
Lines: 29
Distribution: inet
Message-ID: <4hdhvg$lga@news.quanta.com>
References: <4gi6t6$3h9@lace.colorado.edu> <nc0453Dn96w6.93F@netcom.com> <y5ad974s4v4.fsf@graphics.cs.nyu.edu> <4gqf17$1lr@cynic.portal.ca> <1996Feb25.152559.8977@jarvis.cs.toronto.edu> <4gvchb$ln5@senator-bedfellow.MIT.EDU> <4h7rdd$qeu@park.uvsc.edu>
NNTP-Posting-Host: quanta.quanta.com
X-Newsreader: TIN [version 1.2 PL2]
Xref: euryale.cc.adfa.oz.au comp.os.linux.misc:89923 comp.os.linux.development.system:18647 comp.os.linux.networking:30567 comp.unix.bsd.bsdi.misc:2548 comp.unix.bsd.netbsd.misc:2382 comp.unix.bsd.freebsd.misc:14852

Terry Lambert (terry@lambert.org) wrote:
: ghudson@mit.edu (Greg Hudson) wrote:
: ] Chris Colohan (colohan@eecg.toronto.edu) wrote:
: ] : 1.  Security through obscurity.  More people have access to the source
: ] : code for your OS, so there is a greater chance of someone finding a
: ] : security flaw and exploiting it before you can fix it.
: ] 
: ] It's disappointing that some people still think that security through
: ] obscurity is a net gain.

: Public key cryptography (RSA, et. al.) is the ultimate in
: security through obscurity.  People trust it every day.

Even RSA sources are available for viewing. Does the RSAref library
strike a note? How about the early sources of PGP?

I'm no cryptographer, but others who are say it is very good code for
public key encryption. The RSA stuff is only a part there are other
routines which are in the public domain which are used. Actually I
believe the RSA copyprotected code is only really on 2 mathematical
formulas in the code, everything else is in the public domain, but
those 2 formulas are the heart of the RSA public key encryption
scheme and hence everything that relies on that (PGP, SSL, ...).


Cheers,

Ross Walker