Ian Bicking: the old part of his blog


I've found that security via obscurity seems to be the only way to deal with some situations, particularly when you have a program that stores a password and needs to be able to get the plaintext password on its own, as in a client that does something on behalf of some user. You can use whatever encryption, but it doesn't really matter, because on some level you have a plaintext key. Passwords are secure only because our brains are an exceptionally obscure storage medium.

This is why DRM schemes are breakable -- it's certainly not that the designers don't understand encryption algorithms (DVD's CSS aside).
Comment on Homebrew encryption
by Ian Bicking