![definition for obscurity definition for obscurity](https://img.youtube.com/vi/dNZvnY0GkIg/hqdefault.jpg)
The rules for internal-Obscurity-Pocket are more complicated
![definition for obscurity definition for obscurity](https://study.com/cimages/multimages/16/Peace_Treaty.jpg)
Here, state is a thing which is internal to streamObscurityPocket (and opaque to the X-TLS). Prototypes for both Obscurity Pocket functions can look (in a pseudo-language) as follows: byte streamObscurityPocket( Object state, byte input ) The first (“internal”) Obscurity Pocket processes plain-text stream before feeding it to TLS – and the second one (“external”) processes TLS output (i.e. Our X-TLS would use TLS as its basic primitive – but will additionally allow for two “Obscurity Pockets”. Let’s name our incarnation of an “obscurizable” secure channel “X-TLS”. BTW, let’s note that “secure channel” primitive is certainly not the only one where Obscurity Pockets can be applied we’ll discuss other crypto primitives (specifically – symmetric crypto, hash, and RNG) in Part II of this article. Let’s see how it could apply to a “secure channel” crypto protocol – the one having functionality similar to that of TLS. “Obscurizable” crypto primitive will use these functions during its operation, while providing strict crypto guarantees that as long as the rules are followed – such a security-wise “obscured” crypto primitive CANNOT BE WORSE than a non-obscured one. Let’s define “Obscurity Pocket” as a bunch of functions provided to an “obscurizable” crypto primitive (or crypto protocol), with a set of rules the functions must follow. We’ll use it as a “litmus test” to estimate efficiency of the mitigation measures we’ll be speaking about.
![definition for obscurity definition for obscurity](https://www.nypl.org/sites/default/files/dictionary_2.jpg)
One of the most egregious examples of such a vulnerability was infamous Heartbleed attack. Let’s take TLS – it is one protocol, and as soon as whatever-library-implementing-it has a bug in it – well, half of the world can easily get into large economy-size trouble. This is especially true when it comes to basic crypto-primitives and protocols. In a vast majority of cases, we’re relying on one single library to be secure – and with devastating results too.