Security through obscurity, often quoted yet so little understood. Repeated from the mouths of those who worship the echo chamber of tech giants.
This despite the fact that throughout most of US history, the security industry has largely been ruled by “security through obscurity.” In fact, it could argued that it was this social framework, that allowed for rapid innovation in cryptography. And yet, so often, it is the very ones promoting open standards for cryptography, that also don’t want individuals writing their own cryptography solutions. Never mind if for thousands of years, most of human history has largely had cryptography curated by those who did not necessarily share around the world the way they encrypted their plain text. The assumption was largely a given that, usually the enemy already had something similar, either reverse engineered, or thought of independently.
Even beyond security solutions, into the world of fiction, many authors in the past have claimed that world cultures have a shared fiction. That there is a shared framework that follows certain rules of design. Cryptography is no different. You have certain genres in tech circles, that seek to promote a certain shared cultural mythology. But RSA didn’t come from a generation that didn’t allow people outside their community from creating cryptographic forms. In fact, it came from the civilian sector. The government security community say for there to be no “security through obscurity” and yet promote a kind of security through obscurity. But reverse engineering and learning to build you own programming is as basic as having encryption be as ubiquitous as possible.
While Orwell anticipated a kind of double speak, one may have their doubts whether he would expect such a particularly subtle form. Its so rampant, that it’s pervasive even among those who seek complete freedom respect through ubiquitous cryptography.
They assume that anyone, it doesn’t matter who it is, has the same level of cryptographic knowledge, and thus are not entitled to write their own cryptographic programs. This is a losing battle, and yet they don’t acknowledge it. Cryptography is almost a living breathing being at this point, and now is self perpetuating. It morphs into a kind of eldritch abomination according to the establishment, who wish to bore in back doors, much like doctor would cut a hole in someone’s stomach to get them not have stomach cancer. But in practice, it only causes the runs. Cryptography and steganography will always be around, despite people’s attempts to try to stop it. And the same people will try to use the “Security through obscurity” argument for steganography forms as well.
Honestly at this point, for some I don’t even think it would matter if I were an old person, usually male, because they would still say the same thing despite my qualifications. So the onus is on people like who claim such to see if they will practice what they preach, whether it’s a good idea to make his own cryptographic system. For me, it just seems like a monopoly.
Let me summarize in particular why “security through obscurity” argument is not relevant for steganography: the very point of steganography is that you’re unaware that any kind of encoding has taken place; if you’re aware that some kind of encoding has taken place, the steganography is not doing its job. How do you make absolutely sure nobody knows any hidden writing is actually there? And unlike cryptography, anything can be turned into a steganographic solution.
Social steganography is a good example. Not a good idea to do your own steganography? Say this to kids who live in war torn countries like Syria, bombarded by the imperialistic United States. Say that to the people who hide their feelings from their parents.
Steganography is here, and it wont go away.