security, encryption, passwords, obfuscation, oh my!

Whitedust pointed me to Emergent Chaos with an announcement that obscurity will save us and we can just hide our files someplace unexpect and be safe! Well, ok, mordaxus was nearly as sarcastic as I was in that last line.

I just have two points in mentioning this. First, I wouldn’t argue against someone who says that encryption itself is simply a form of obscurity. It is obscured because a key/passphase is not known. But know that bit of information, and encryption is done. Of course, this means every password system is also a form of obscurity…but I still wouldn’t argue with that person to any great length.

Second, there are plenty of places to hide files in Windows machines already. Alternate Data Streams in NTFS have never gotten the attention it deserves, especially since few tools poke around in there, and those that do are sloooow. I would bet that few people even know about ADS and fewer will ever bother to do a scan for those files. Of course, I’m not saying this is protection for passwords and financial information. I would more use ADS for hiding porn stashes…