Comment on Thanks đđ»
someacnt@sh.itjust.works âš4â© âšdaysâ© ago
Security by obscurity does not work, because people are only so creative up to a point. Hence, there are only handful of configurations for the attacker to try out.
This contrasts to e.g. 128-bit secure encryption, which involves trying 2^128 times to break it - which is a number with whopping 38 zeros. It takes 10^22 years to break it with trying at 1GHz rate. It is simply incomparable, and adding a few bits of security by obscure combination is simply not worth it.
Yet, so many people and organizations seem to prefer obscurity to actual security.
cmhe@lemmy.world âš4â© âšdaysâ© ago
It really depends in the purpose. Sometimes you can hide stuff in unexpected places when there isnât much interest for other people to find it, or if they donât even know about itâs existence.
Also sometimes it is good enough to just delay the discovery of something for a while, because its value after a certain time diminished completely.
So, I would argue that sometimes security by obscurity can be useful. But I agree that it generally shouldnât replace proper encryption.