From owner-freebsd-hackers Wed Feb 12 14:44:30 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA00881 for hackers-outgoing; Wed, 12 Feb 1997 14:44:30 -0800 (PST) Received: from parkplace.cet.co.jp (parkplace.cet.co.jp [202.32.64.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA00874 for ; Wed, 12 Feb 1997 14:44:22 -0800 (PST) Received: from localhost (michaelh@localhost) by parkplace.cet.co.jp (8.8.5/CET-v2.1) with SMTP id WAA12301; Wed, 12 Feb 1997 22:41:14 GMT Date: Thu, 13 Feb 1997 07:41:13 +0900 (JST) From: Michael Hancock To: Terry Lambert cc: dk+@ua.net, snar@lucky.net, freebsd-hackers@freebsd.org Subject: Re: Increasing overall security.... In-Reply-To: <199702121710.KAA00703@phaeton.artisoft.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Wed, 12 Feb 1997, Terry Lambert wrote: > > To play devil's advocate... > > > > 1) It requires assembler which is harder to understand. Less people are > > qualified to review it. Relying on something harder to understand for > > security is questionable. > > This is not a "security through obscurity" issue. The code is hard to > understand because of the people trying to understand it, not because > the difficulty in understanding it is one of the intentional effects. I didn't say it was "security through obscurity". Look at TIS's FWTK for the philosophy I'm talking about. Mike Hancock