Page 2 of 2

Re: Security through foreign languages.

Posted: Wed Dec 31, 2008 12:31 pm
by califdon
kaisellgren wrote:
califdon wrote:I can certainly understand the motivation to program in your native language.

By the way, I have never heard of the English word "obscuration", but this usually called "obfuscation". Today's English lesson! :P
Something wierd happened. You made three posts :)

Btw, http://www.thefreedictionary.com/Obscuration
I noticed something odd going on when I posted that...probably caused by some BB code written in Finnish! :P Fortunately, as a moderator, it's easy for me to delete the extra posts.

I almost looked up that word, but I can tell you, both as a native English speaker and as a career editor, teacher and technical writer, that it is not in common usage. Obfuscation is the term that is normally used for this technique.

In English we have some quite funny usages, as I'm sure is true of most languages. The word 'obfuscation' is not a commonly used word outside of computer security discussions, and another proper, but rarely used word is 'eschew', meaning to refrain from. There's a famous bumper sticker that says, "Eschew Obfuscation". :)

Re: Security through foreign languages.

Posted: Wed Dec 31, 2008 12:40 pm
by kaisellgren
califdon wrote:
kaisellgren wrote:
califdon wrote:I can certainly understand the motivation to program in your native language.

By the way, I have never heard of the English word "obscuration", but this usually called "obfuscation". Today's English lesson! :P
Something wierd happened. You made three posts :)

Btw, http://www.thefreedictionary.com/Obscuration
I noticed something odd going on when I posted that...probably caused by some BB code written in Finnish! :P Fortunately, as a moderator, it's easy for me to delete the extra posts.

I almost looked up that word, but I can tell you, both as a native English speaker and as a career editor, teacher and technical writer, that it is not in common usage. Obfuscation is the term that is normally used for this technique.

In English we have some quite funny usages, as I'm sure is true of most languages. The word 'obfuscation' is not a commonly used word outside of computer security discussions, and another proper, but rarely used word is 'eschew', meaning to refrain from. There's a famous bumper sticker that says, "Eschew Obfuscation". :)
Great, thanks for enlightening me :D

Re: Security through foreign languages.

Posted: Thu Jan 01, 2009 10:18 am
by Mordred
Kai, I support your general idea (it was one of my main suggestions in that password storage article I posted here some years ago), but I think you and the others in the discussion are largely missing the point.

The relevant (and more realistic) treat model here is not someone reading your source code, but someone accessing your database by SQL injection. Since there are only some limited mechanisms of finding out table and field names, it can be THE single most powerful mitigation measure.

As for "protecting" code by obfuscating the symbol names, one, it would only slow someone and two, if you still want code obfuscation, it's always better to code comfortably in whatever language you like and then postprocess the code before publishing it using truly random names.

Re: Security through foreign languages.

Posted: Thu Jan 01, 2009 2:21 pm
by califdon
Hey, now you've got the security guru, and he's from Bulgaria! Now you have resources for two of the three really difficult languages in the world!! :lol: Any Hungarians out there??

[Edit:] Could you guys coordinate and come up with something like Bulgarish or Finngarian, maybe? :?

Re: Security through foreign languages.

Posted: Fri Jan 02, 2009 8:45 am
by kaisellgren
califdon wrote:Hey, now you've got the security guru, and he's from Bulgaria! Now you have resources for two of the three really difficult languages in the world!! :lol: Any Hungarians out there??

[Edit:] Could you guys coordinate and come up with something like Bulgarish or Finngarian, maybe? :?
Finngarian would be probably harder then cracking into CIA :crazy:

I still don't think these two are comparable to Korean, Japanese or Chinese :lol:

Re: Security through foreign languages.

Posted: Sat Jan 03, 2009 5:28 pm
by Mordred
Bah... nothing but Lojban will work. (http://en.wikipedia.org/wiki/Lojban)

Re: Security through foreign languages.

Posted: Sat Jan 03, 2009 5:34 pm
by kaisellgren
Mordred wrote:Bah... nothing but Lojban will work. (http://en.wikipedia.org/wiki/Lojban)
But isn't it relatively easy to learn?