Security through Obscurity principle

Featured Product

Raynon CryptoFile

Raynon CryptoFile is one of the best resources available to those who need a reliable system to encrypt any file using an entered password. With this product, the user is able to safely protect sensitive data to allow only those who have the necessary file passwords to access the information. While this may seem secretive, there is no reason not to protect your sensitive information.

Our Articles

Cryptography, which includes both encryption and decryption, is one of the most important tools you have to protect yourself. Hands down, there is nothing that will protect you more so than having your data protected by a trustworthy software product.

Most people do not think anything of cryptography. They may not even know what it is. However, what you may believe is protecting you is not.

Authorization

Tag Gloud

In the field of computer security, often can be encountered specialists’ debates on the information disclosure policy (or on the contrary, secrecy). Few decades ago, the most important for the software vendors as well as for the cryptographic algorithm vendors was the policy of non-disclosure, and thus the code itself with in particular the information on all known vulnerabilities, so-called weaknesses of the program or “crypto cipher”, that remained a mystery and was kept in secrecy. Often, such a policy is called «Security through Obscurity» (literally translated - security by secrecy, although you can encounter the other option - security through obscurity).

There is a different approach, in contrast to the "secrecy" - the policy of full disclosure. According to it the complete and detailed information about the product must be shared. According to proponents of this method, with cryptographic algorithms, it can guarantee a sufficient sustainability of the cipher. After its publication a wide range of both specialists and amateur cryptologists will work on the algorithm, and of course, its performance will be analyzed from a hundred different points of view, which will either find the errors and possible further improvements for the algorithm or verify its invulnerability to cracking.

A natural consequence of the policy of open access is that all errors are carefully analyzed and compiled in vulnerability databases, which will be available not only to a narrow circle of specialists but also the hackers. For this reason for many algorithms there are many possible break-ins based on their weaknesses. Since these programs are also developed by professional cryptanalysts, often such "program-picks" are extremely effective and not computationally intensive. Some of them in order to find the correct password are capable to analyze millions of combinations of characters per second, and only need the capacities of an average performance computer. With a relatively short passwords and the absence of the "seed" ("Salt") – that can be accidentally added to the password before the hashing; – also the so-called rainbow tables can be valuable in reducing the duration of password decryption. There are also computing clusters, which reasonably reduce the time of password scanning by using parallel calculations.

If an attacker can determine by any of his methods the secret password, and then by using it convert the encrypted text back to its original version, it is believed that the cryptographic system is disclosed. When working with proprietary, commercial encryption a cryptanalyst not only must get at his disposal the program itself and its encrypted messages, but also recreate the exact scheme of the cryptographic protocol, to understand exactly how the incoming data is encrypted. Only then can we develop an algorithm to sort the passwords and search them with it; with their help you can inverse the transformation and restore the original data with an accurate meaningful text or structured code instead of a mixed set of characters.