October 31st, 2003


just a quick reminder (and a touch of a rant)

security through obscurity is not secure at all.

If you know nothing else about security protocols, remember that. Any time a system relies on a lack of knowledge about how the system works, it should make you question the security and reliability of that system.

I see all sorts of fuss being made over "source code found in publicly accessible archives" type problems, and how it could lead to disaster because it means someone can inspect the code and find flaws to exploit. Microsoft used this defence during the anti-trust trials to argue that USA national security would be at risk if the Windows source were opened up (side note: they then went on to offer the source code to both India and China -- interesting how much respect that company has for "national security", eh?). Voting companies are being raked over the coals by news sites for their source being found in the public eye when it shouldn't be.

My only response to all this is, simply, that if the software were truly secure in the first place, it shouldn't matter whether the code is publicly viewable. You can't rely on the privacy of your methods to ensure the security of those methods.
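To make that principle concrete, here is a small added example (mine, not the author's) contrasting two ways of protecting a message's integrity. The first scheme's only secret is its own code: a hardcoded salt baked into the program. The second uses a published method (HMAC-SHA256 from Python's standard library) and keeps only the key secret. The function `leaked_source_forgery` models "the source got out": everything it does uses only what is in this file. The salt, key sizes, and message are constructed values for illustration.

```python
"""Security through obscurity vs. a keyed method (added illustration).

Scheme 1 relies on nobody knowing how the tag is computed.
Scheme 2 relies on nobody knowing the key; the method is public.
"""
import hashlib
import hmac
import secrets

# Scheme 1: the "secret" is a constant hidden in the code. Anyone who can
# read the code (leak, decompile, insider) has everything they need.
HIDDEN_SALT = b"constructed-salt-hardcoded-in-binary"  # constructed value


def obscure_tag(message: bytes) -> str:
    """Tag = SHA-256(hidden salt || message). Secure only while the code is unread."""
    return hashlib.sha256(HIDDEN_SALT + message).hexdigest()


def obscure_verify(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(obscure_tag(message), tag)


# Scheme 2: HMAC-SHA256. The method is public by design; only the key is secret,
# and a leaked key is fixed by rotating it, not by rewriting the program.
def keyed_tag(key: bytes, message: bytes) -> str:
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def keyed_verify(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(keyed_tag(key, message), tag)


def leaked_source_forgery(message: bytes) -> dict:
    """Model of a source leak: the forger has this file but no key material.

    Returns which forged/legitimate tags each scheme accepts.
    """
    results = {}

    # Scheme 1: with the code in hand, the forger simply runs it. The forged
    # tag is indistinguishable from a legitimate one.
    forged_obscure = obscure_tag(message)
    results["obscure_forged_accepted"] = obscure_verify(message, forged_obscure)

    # Scheme 2: the real key lives only with the verifier. The forger knows
    # the algorithm exactly but must guess the key (an all-zero guess here,
    # constructed for the demonstration).
    real_key = secrets.token_bytes(32)
    guessed_key = b"\x00" * 32
    forged_keyed = keyed_tag(guessed_key, message)
    results["keyed_forged_accepted"] = keyed_verify(real_key, message, forged_keyed)

    # The legitimate holder of the key is unaffected by the code being public.
    legit_keyed = keyed_tag(real_key, message)
    results["keyed_legit_accepted"] = keyed_verify(real_key, message, legit_keyed)

    return results


if __name__ == "__main__":
    sample = b"ballot record 42"  # constructed sample message
    for name, accepted in leaked_source_forgery(sample).items():
        print(f"{name}: {accepted}")
```

Running it prints that the obscure scheme accepts the forgery once its code is known, while the keyed scheme rejects the forgery and still accepts the legitimate tag. That is the whole point: a design that stays secure with its method in the open is the only kind whose "source leak" is a non-event.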

It simply makes sense, if you stop to think about it. Which would you trust more: a tool that was only inspected by a few people, or a tool that was inspected by millions of people? In one case, you have a small group of people saying their tool is the best (even if there are a thousand people in the company that makes that tool, it has only actually been tested and inspected by a small number of them -- likely only a hundred at most). In the other case, you have millions of people who have each personally inspected the tool (or, at least, the part of the tool they are competent to inspect -- that is, knowledgeable enough to be capable of understanding what they are inspecting) all agreeing that it is the best.

Regardless of the relative capabilities and worth of the two tools (the one that is secretly constructed may in fact be the better of the two), I'm going to trust the millions of people instead of the few thousand (at most). I'll admit this is a personal value choice, and other people can make different choices, but I'm willing to accept the tool with fewer abilities in exchange for the peace of mind that it is proven to not be defective.

This issue is particularly important to me, given the fact that the next election here in California is mandated to be done with electronic voting systems (touch-screen and the like). There have been repeated reports of serious flaws in the voting machines, and the companies act all concerned when their code turns up in public, which really makes me start to wonder. I'll admit that the mechanical punch-card voting systems we used previously are not perfect, but they were a *LOT* harder to hack than the newer ones we will be using.