If the system is secure...
...then even after all the details have been explained, once the locks engage it will remain secure.
If your system is relying on security by obscurity, then your system is insecure.
Defence giant Thales has withdrawn its demand for the removal of banking security documents from whistle-blowing website Cryptome. The global corporation filed a DMCA* takedown notice last week citing copyright infringement: two of its manuals for cryptographic equipment have been available from Cryptome since 2003. Ross …
Every system is insecure.
I remember my Java and Linux friends spouting that junk too. "Oh, it is so secure because it is open source, people can look at it." "Oh, no vulnerabilities because so many people have looked at it and for sure someone would notice any vulnerabilities."
If you know enough about about any complex software you can eventually break it.
But it isn't just software, it is anything. It is why you don't share your password, why government's have "top secret" classifications, why you don't let the thug down the street borrow your car keys.
@WatAWorld,
Re-read his comment, you've completely missed his point!
He's not saying "It's more secure because you've let the world see it", he's saying that a secure system will remain secure even after all the details of how it works have been explained.
Giving someone access to something (keys - physical or password, documents - top secret or otherwise) isn't about the security of the system. No system can tell whether that user who's just authenticated properly (i.e. by entering correct credentials, or by inserting a key into a lock) is genuine. Even biometrics would fail on this if someone 'lent' you their auth token (their finger).
The OP was talking about designing secure systems, not about how many eyes reduces bugs. There's a big difference, and the availability of docs only makes it easier to find a security weakness, it doesn't suddenly make it possible - an attacker could *potentially* stumble upon a weakness with no access to the documents, the difference being that with no access to the documents the likelihood of a 'friend' finding it is also reduced dramatically.
Incidentally
"Oh, no vulnerabilities because so many people have looked at it and for sure someone would notice any vulnerabilities."
Is indeed a silly thing to say, there's a higher chance of someone noticing vulnerabilities, but it's anything but certain.
No system can be 100% secure indefinitely as over time a "secure" system will become insecure due technology progressing. So let's take "secure" to mean "invulnerable to the best-effort attempt available at the moment".
Ben Tasker gets closer to what I meant. I wasn't talking about F/OSS as such, just that security by obscurity is useless. It's useless because the user (i.e. the customer) is unaware what vulnerabilities exist and is thus unable to mitigate them.
Let's take a more mundane example. Your front door probably has a Yale-style lock. It is "secure"? As in, is it anti-bump, anti-snap, anti-pick and anti-drill? How do you actually know? From the packaging? Or from details on how the lock works and its design?
The former is security by obscurity, the latter is full disclosure. For example, anti-snap can have the weakening cur from the top to the bottom, or the bottom to the top. One of these designs is almost certainly worthless, the other is better; which is which? How can you know unless the details of how ant-snap locks work is in the public domain?
Now let's come back to Thales. If we know all the details on how the Thales system works, based on our knowledge of good security design and procedures which should all be in the public domain we can maybe say "I know how this lock/system works, and I am satisfied that when it engages it will remain secure". It also allows us to take mitigating actions should a vulnerability exist. Or you just believe the hype (*cough*Medeco*cough*). Luckily you can find out all about this (at the moment). Imagine how things would be if only the bad guys knew? And only the bad guys would know because the good guys would be too scared to discuss it in case they ended up in jail.
Oh and something else to consider, if you are relying on the packaging of your locks, your insurance might be invalid (even if it claims to meet the correct standards); so that £15 lock you just got from the DIY store might end up costing you an awful lot more.
The information concerned, as has been noted, has been available since 2003 and is in fact obsolete. It also does not reflect the current Thales payment hardware security module.
Then deliver the up-to-date manuals posthaste to Cryptome, you state-financed killtool deliverers and frigates-for-Taiwan (not to mention submarines-for-Malaysia) corruption scandal overlords.
"The information concerned, as has been noted, has been available since 2003 and is in fact obsolete"
In the context of banking systems, 'obsolete' probably means that the systems documented in those manuals are still being used by a big % of Thales customers, and that security holes/errors discovered in them - with the help of these manuals- could cost the company lots of money in updates/patches. To me, together with the lack of official manuals as noted in other comments, this says lots about the priorities at Thales.