[liberationtech] on the traceability of circumvention tools

Jacob Appelbaum jacob at appelbaum.net
Thu Sep 16 05:01:18 PDT 2010


On 09/16/2010 04:42 AM, Benedikt Kristinsson wrote:
> On Thu, Sep 16, 2010 at 11:31, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>> Speaking of personal failures, I'm pretty much unable to comprehend why
>> you just disclosed the above information.
> 
> Kerckhoffs's law states that a cryptosystem should be secure even if
> everything about the system is public knowledge. This is also known as
> Shannon's maxim where it is formulated as "the enemy knows the system".
> 
> This is a very important part in all cryptosystems and secure systems
> and applies very well here. If the system cannot take full disclosure
> it is considered weak. Security through obscurity is a very bad idea.
> 

I would like to thank you for sending the absolutely most awesome email
in this entire discussion.

Also, I agree with you entirely.

Haystack is a weak but, sadly, deployed system; as a result of deployment
there are additional complications to consider.

At this time, I believe that disclosing information about the discovered
issues with Haystack is only harmful to Haystack users. It seems
unbelievable that the responsible vendor of the product would disclose
any of those issues given the stakes.

All the best,
Jake


