??? 02/18/08 17:02
#151023 - Security through obscurity
Responding to: ???'s previous message
Erik Malund said:
.. the result was "throw the disassembly away and start from scratch"

I agree. But being able to analyze the existing code tells you everything the original code was capable of doing so you can be sure that your new code does everything as well. The old code still gets thrown out but now you're confident that the new code does everything it needs to.

Erik Malund said:
Thus, my opinion is "if you are not about to copy some hardware and insert a processor with stolen code the value of hex code is zero".

For the reason I stated above, I disagree. I do see potential value to reverse engineering an existing public and my understanding is that it's not illegal (at least in the U.S.). However, I do believe that most of the time the question is asked here, the motive is for an illegal purpose. On that basis, I'm tempted to add a rule that prohibits the "cracking" discussions.

But on the other hand I do agree that security through obscurity is of little value and is inherently dangerous in that it can provide a false sense of security. If there are weaknesses in security, I believe security is enhanced by discussing them so that:

1) People know they can't depend on them.
2) Manufacturers will be inclined to produce better security options in the future.

So where does that leave me on deciding what to do with these threads? I have no idea. :(

Regards,
Craig Steiner