Free software and public administrations?

xdrudis at tinet.org
Tue Nov 26 16:17:57 UTC 2002


> > A secret algorithm in the security field is useless by definition.
> 
> As far as I know there is no known cryptography algorithm which is
> mathematically proven to be secure.  We only expect them to be secure.

I think there is one, the one-time pad, but it is impractical by itself 
in many cases, since it basically dodges the problem.

> If the algorithm is good, then it is difficult to crack it, but if it
> is also not known, then this is even more difficult.  Secret

If it is not known it is very difficult to verify it is good. 
If it is secret it is almost sure it isn't so good.
Algorithms are made by humans; humans err. More humans are more 
likely to detect errors than a secretive few. There are going to be
many humans trying to break the secret algorithm/implementation, be it
public or secret, and few humans trying to fix it or warn of problems if
it is secret. Please talk to a cryptography expert near 
you, I'm sure you can pick one at random and he'll explain it to you. 
They all know. 

> algorithms also make the system a little bit more secure against human
> mistakes, say weak passwords.
> 

I'm lost here. I see no relation between weak passwords and 
security through obscurity.

> Sometimes I have proposed to make free programs that use plugins,
> distribute them together with several free plugins, but use them with
> a private plugin.
> 

Maybe that would work, but what I don't understand is the 
need for secrecy to begin with. 




