Isn't all security "through obscurity"?

See this answer.

The main point is that we make a sharp distinction between obscurity and secrecy; if we must narrow the difference down to a single property, then that must be measurability. Is secret that which is not known to outsiders, and we know how much it is unknown to these outsiders. For instance, a 128-bit symmetric key is a sequence of 128 bits, such that all 2^128 possible sequences would stand an equal probability of being used, so the attacker trying to guess such a key needs to try out, on average, at least 2^127 of them before hitting the right one. That's quantitative. We can do math, add figures, and compute attack cost.

The same would apply to a RSA private key. The maths are more complex because the most effective known methods rely on integer factorization and the involved algorithms are not as easy to quantify as brute force on a symmetric key (there are a lot of details on RAM usage and parallelism or lack thereof). But that's still secrecy.

By contrast, an obscure algorithm is "secret" only as long as the attacker does not work out the algorithm details, and that depends on a lot of factors: accessibility to hardware implementing the algorithm, skills at reverse-engineering, and smartness. We do not have a useful way to measure how smart someone can be. So a secret algorithm cannot be "secret". We have another term for that, and that's "obscure".

We want to do security through secrecy because security is risk management: we accept the overhead of using a security system because we can measure how much it costs us to use it, and how much it reduces the risk of successful attacks, and we can then balance the costs to take an informed decision. This may work only because we can put numbers on risks of successful attacks, and this can be done only with secrecy, not with obscurity.


I think that the term "security through obscurity" gets misused quite often.

The most frequently referred to quote when talking about security through obscurity is Kerckhoffs's principle.

It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience;

Security through obscurity is referring to relying on keeping the design and implementation of a security system secure by hiding the details from an attacker. This isn't very reliable as systems and protocols can be reverse engineered and taken apart given enough time. Also, a system that relies on hiding its implementation cannot depend on experts examining it for weaknesses, which probably leads to more security flaws than a system that has been examined, has the bugs made known and fixed.

Take RSA for example. Everyone in the world knows how it works. Well, everyone that has a good grasp of the mathematics involved anyhow. It is well studied and relies on difficult mathematical problems. However, given what we know about the mathematics involved, it is secure provided the values of p and q are kept a secret. This is essentially concentrating the work of breaking (and protecting) the system into one secret that can be protected.

Compare this with an encryption algorithm that does not subscribe to Kerckhoffs's principle. Instead of using a publicly known scheme that uses a secret key, this encryption algorithm is secret. Anyone that knows the algorithm can decrypt any data encrypted with the algorithm. This is very difficult to secure as the algorithm will be nearly impossible to keep out of the hands of an enemy. See the Enigma machine for a good example of this.


The critical difference is in what is kept secret.

Take RSA as an example. The core principle of RSA is simple mathematics. Anyone with a little mathematical knowledge can figure out how RSA works functionally (the math is almost half a millennium old). It takes more imagination and experience to figure out how you could leverage that for security, but it has been done independently at least twice (by Rivest, Shamir and Adleman, and a few years before by Clifford Cocks). If you design something like RSA and keep it secret, there's a good chance that someone else will be clever enough to figure it out.

On the other hand, a private key is generated at random. When done correctly, random generation ensures that it is impossible to reconstruct the secret with humanly available computing power. No amount of cleverness will allow anyone to reconstruct a secret string of random bits, because that string has no structure to intuit.

Cryptographic algorithms are invented out of cleverness, with largely-shared goals (protect some data, implement the algorithm inexpensively, …). There's a good chance that clever people will converge onto the same algorithm. On the other hand, random strings of secret bits are plentiful, and by definition people won't come up with the same random string¹. So if you design your own algorithm, there's a good chance that your neighbor will design the same. And if you share your algorithm with your buddy and then want to communicate privately from him, you'll need a new algorithm. But if you generate a secret key, it'll be distinct from your neighbor's, and your buddy's. There's definitely potential value in keeping a random key secret, which is not the case for keeping an algorithm secret.

A secondary point about key secrecy is that it can be measured. With a good random generator, if you generate a random n-bit string and keep it secret, there is a probability of 1/2^n that someone else will find it in one try. If you design an algorithm, the risk that someone else will figure it out cannot be measured.

RSA private keys aren't a simple random string — they do have some structure, being a pair of prime numbers. However the amount of entropy — the number of possible RSA keys of a certain size — is large enough to make one practically unguessable. (As for RSA keys being practically impossible to reconstruct from a public key and a bunch of plaintexts and ciphertexts, that's something we can't prove mathematically, but we believe to be the case because lots of clever people have tried and failed. But that's another story.)

Of course this generalizes to any cryptographic algorithm. Keep random strings secret. Publish clever designs.

This isn't to say that everything should be made public except for the small part that's a random bunch of bits. Kerckhoffs's principle doesn't say that — it says that the security of the design should not rely on the secrecy of the design. While cryptographic algorithms are best published (and you should wait a decade or so before using them to see if enough people have failed to break them), there are other security measures that are best kept secret, in particular security measures that require active probing to figure out. For example, some firewall rules can fall into this category; however a firewall that doesn't offer protection against an attacker who knows the rules would be useless, since eventually someone will figure them out.

¹ While this is not true mathematically speaking, you literally can bet on it.
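Added example, not part of the original answers: the measurability claim made in the first and third answers (about 2^127 average guesses for a 128-bit key, 1/2^n chance per try), checked empirically on a deliberately tiny key with a fully public algorithm. HMAC-SHA256, the 10-bit key size, the sample message and the 1e12 guesses/second rate are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


def tag(key_int: int, bits: int, msg: bytes) -> bytes:
    """Public algorithm (HMAC-SHA256); the only secret is the key."""
    key = key_int.to_bytes((bits + 7) // 8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def guesses_to_find(bits: int, msg: bytes = b"constructed sample message") -> int:
    """Draw a uniform `bits`-bit key, then count the guesses an exhaustive search needs."""
    secret = secrets.randbelow(1 << bits)
    target = tag(secret, bits, msg)
    for tries, guess in enumerate(range(1 << bits), start=1):
        if hmac.compare_digest(tag(guess, bits, msg), target):
            return tries
    raise AssertionError("unreachable: the key space was searched exhaustively")


def expected_guesses(bits: int) -> float:
    """Mean position of a uniform key in a 2**bits search: (2**bits + 1) / 2."""
    return ((1 << bits) + 1) / 2


def measured_mean(bits: int, trials: int) -> float:
    """Average guess count over `trials` independent random keys."""
    return sum(guesses_to_find(bits) for _ in range(trials)) / trials


def years_to_search(bits: int, guesses_per_second: float) -> float:
    """Average attack time in years at an assumed guessing rate."""
    return expected_guesses(bits) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    bits, trials = 10, 300
    print(f"{bits}-bit key: predicted {expected_guesses(bits):.1f}, "
          f"measured {measured_mean(bits, trials):.1f} guesses")
    # 1e12 guesses/second is an assumed attacker rate, not a measured one.
    print(f"128-bit key at 1e12/s: {years_to_search(128, 1e12):.2e} years on average")
```

The attacker here knows everything except the key, and the measured cost still matches the prediction; no comparable prediction can be written down for how long an undisclosed algorithm stays undiscovered.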
