Perspectives On Obscurity

This is the outline of a talk I gave at the rump session of Financial Cryptography 1997 conference. It is in response to a paper with a section 'In Defense of Obscurity.' While I believe obscurity can be useful, I also feel there are few people able to properly evaluate its use and benefits.

  1. Lack of code slows (stops?) process of good guys commenting.
    1. NDA process is slow
    2. NDA process is often unacceptable to academics
    3. Process does work--sometimes
    4. Cost of hiring outsiders to do what academics will do free
    5. New players have trouble getting code

  2. Lack of code does not slow bad guys
    1. As much
      1. Theft of source
      2. Disassembly
    2. Bad guys have more time
      1. 16 year old high school student vs.
      2. 45 year old professional with 2 kids
    3. payoff may be high

  3. Overestimates of benefits
  4. I've seen programmers better than me take sparc assembler back to C as fast as they can write.

  5. Risk of bad publicity
    1. Security Dynamics
      Plagued for years by rumors that could not be dispelled while their protocol was secret. It turns out the most rumored attacks about the value of breaking the chips were inaccurate.
    2. Mondex
      Unable to respond to claims that DFA would smash their system effectively, since obscurity forced them to speak in generalities.

  6. Protocols not a good place for obscurity
  7. Few people break protocols. Many published ones go for years without problems being found. Taking away most of the (good) eyes means that only bad guys will be breaking your protocol.

  8. Few people can objectively weigh the risks of obscurity.
    1. The author in question clearly can.
    2. That does not mean you can

  9. Pseudononymous publication
    1. Publish protocol through someone not public-ally affiliated with you
    2. Publish protocol without name of real protocol

  10. Lie in the right places
    1. Use the IDEA cipher
    2. Tell people you're using CAST
    3. Both are 128 bit key, do they have the same block size?
    4. Allows analysis by outsiders
      No need to know which unbroken block cipher is in use for most attacks. You might even get a paper that shows an attack if you were using IDEA.
    5. Results in a more accurate estimate of time to break obscurity.

Adam Shostack
Last modified: Mon Mar 3 16:25:12 EST