Contributed by Ashish Anand and restored from the old Infosecwriters archives.
“If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that’s not security. That’s obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world’s best safecrackers can study the locking mechanism – and you still can’t open the safe and read the letter – that’s security!”
This document is in PDF format. To view it click here.