Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!newshost.telstra.net!act.news.telstra.net!psgrain!sjsumcs.sjsu.edu!wetware!nntp-hub.barrnet.net!nntp-hub2.barrnet.net!news1.digital.com!decwrl!sdd.hp.com!swrinde!newsfeed.internetmci.com!quanta.com!rsww
From: rsww@quanta.com (Ross S. W. Walker)
Newsgroups: comp.os.linux.misc,comp.os.linux.development.system,comp.os.linux.networking,comp.unix.bsd.bsdi.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.freebsd.misc
Subject: Re: need secure OS to entrust millions to
Followup-To: comp.os.linux.misc,comp.os.linux.development.system,comp.os.linux.networking,comp.unix.bsd.bsdi.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.freebsd.misc
Date: 4 Mar 1996 01:45:19 GMT
Organization: Quanta Communications, Inc.
Lines: 29
Distribution: inet
Message-ID: <4hdhvg$lga@news.quanta.com>
References: <4gi6t6$3h9@lace.colorado.edu> <nc0453Dn96w6.93F@netcom.com> <y5ad974s4v4.fsf@graphics.cs.nyu.edu> <4gqf17$1lr@cynic.portal.ca> <1996Feb25.152559.8977@jarvis.cs.toronto.edu> <4gvchb$ln5@senator-bedfellow.MIT.EDU> <4h7rdd$qeu@park.uvsc.edu>
NNTP-Posting-Host: quanta.quanta.com
X-Newsreader: TIN [version 1.2 PL2]
Xref: euryale.cc.adfa.oz.au comp.os.linux.misc:89923 comp.os.linux.development.system:18647 comp.os.linux.networking:30567 comp.unix.bsd.bsdi.misc:2548 comp.unix.bsd.netbsd.misc:2382 comp.unix.bsd.freebsd.misc:14852

Terry Lambert (terry@lambert.org) wrote:
: ghudson@mit.edu (Greg Hudson) wrote:
: ] Chris Colohan (colohan@eecg.toronto.edu) wrote:
: ] : 1. Security through obscurity. More people have access to the source
: ] : code for your OS, so there is a greater chance of someone finding a
: ] : security flaw and exploiting it before you can fix it.
: ]
: ] It's disappointing that some people still think that security through
: ] obscurity is a net gain.

: Public key cryptography (RSA, et al.) is the ultimate in
: security through obscurity. People trust it every day.

Even RSA sources are available for viewing.
Does the RSAref library strike a note? How about the early sources of PGP? I'm no cryptographer, but others who are say it is very good code for public key encryption. The RSA stuff is only a part; there are other routines which are in the public domain which are used. Actually, I believe the RSA copy-protected code is only really on 2 mathematical formulas in the code; everything else is in the public domain, but those 2 formulas are the heart of the RSA public key encryption scheme and hence everything that relies on that (PGP, SSL, ...).

Cheers,
Ross Walker