Board: Service Announcements
Topic: Re: bitfloor needs your help!
by SgtSpike on 08/10/2012, 21:23:50 UTC
1) Making public information about how he created his cold wallet, or how it is stored, or where it is stored reduces his security.
Security through obscurity is not security.

Passwords are security through obscurity, so yes, it is.

OK smartass, let me just quote Wikipedia for you :)
Quote
Security through obscurity is a pejorative referring to a principle in security engineering, which attempts to use secrecy of design or implementation to provide security.
The fact is, though, revealing information about his cold storage procedures DOES reduce the effective security of said procedure. One less unknown is one more factor a malicious entity could use in planning an attack.

I know the argument is that security measures should always be 100% bulletproof, so that even if all the facts were known, it wouldn't be possible to crack, but it is very rarely the case that such a scenario can be created. Especially with regard to cold storage, the malicious entity would want to know where it is stored, how it is stored, how often and when it is accessed, etc. Each of those unknowns is "security through obscurity", but each one, if revealed, would help an attacker with pulling off a heist.

Just my two cents. ;)