Conversation
-
Security through obscurity is not security... except that the only reason it's secure is that it would take 10 million years to brute force it. Is that not security through obscurity?
-
"Security through obscurity is not security" is a colloquialism. It's practical advice, not philosophical. And would be better written as "weak security is insecure", which is obvious to everybody.
-
@errante Well, it's like changing /admin to /banana. But the only difference between that and a Bitcoin wallet is how long it takes to brute force it. "Security through obscurity" usually just means it can be brute forced in less than 1 day.
-
@alex security through obscurity is generally targeted at people using weird stuff, i.e.
'I'm on 9front, no one will ever hack me!'
it's the idea that having an uncommon attack vector makes one secure
-
@errante Another example is bike locks. Chains can be cut, U-locks can be frozen with canned-air and smashed. If you have an expensive bike it will be a target. But adding 2 locks makes it not usually worth it. Adding 3 locks makes it essentially secure from petty theft, even though a very determined person could still steal it. So is it not worth it to lock your bike? No. Everyone who says "security by obscurity is not security" still locks their bike, because they understand it greatly reduces its chance of being stolen even though it can still be easily broken with enough patience.
-
@errante My main point is that "security by obscurity is not security" is a smug statement, used mostly because it rhymes, and does not help newcomers understand it philosophically. Because ALL security is just levels of obscurity, and GOOD security is just extreme obscurity to the point that breaking it is impractical.
-
@alex ahh, fair