IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [obscurity]

Security through obscurity means relying on the secrecy of the design of a system to keep it secure. Kerchkoff's principle states that the security of a system should not rely only on obscurity.

Security through obscurity means keeping the design of a system secret in the hope to make the system more secure.

Kerchkoff's principle states that the security of a cryptographic system must not rely only on keeping its design secret, but primarily on keeping the key secret.

Further reading

91 questions
107
votes
15 answers

At what point does something count as 'security through obscurity'?

So, I keep finding the conventional wisdom that 'security through obscurity is no security at all', but I'm having the (perhaps stupid) problem of being unable to tell exactly when something is 'good security' and when something is just 'obscure'. I…
root
  • 1,537
  • 3
  • 12
  • 20
44
votes
11 answers

Isn't all security "through obscurity"?

I know that one shouldn't rely on "obscurity" for their security. For example, choosing a non-standard port is not really security, but it also doesn't usually hurt to do so (and may help mitigate some of the most trivial attacks). Hashing and…
Matt
  • 3,242
  • 2
  • 22
  • 27
20
votes
1 answer

Use of obscure URL for security

My hosting provider is offering an infrastructure-as-a-service (IaaS) product administered via a web interface, where the administrator can create and destroy virtual machines. To access the web-based administration portal, I need to log in to the…
Anonymous Ballstein
  • 311
  • 2
  • 6
5
votes
4 answers

Is changing default admin URLs an effective security measure?

Consider WordPress, which houses all of its admin functions in the /wp-admin/ directory. Accordingly, its admin URLs all begin with /wp-admin/. I'm wondering if it would be significantly more secure to have each installation use a unique name for…
poke
  • 375
  • 1
  • 3
  • 11
3
votes
0 answers

How are the Voyager spacecraft protected from hackers?

I just read https://space.stackexchange.com/questions/37980/does-the-voyager-team-use-a-wrapper-fortran77-to-python-to-transmit-current and it struck me: how does NASA prevent satellites like this to be hi-jacked? Any security protocol designed in…
d-b
  • 499
  • 3
  • 11
1
vote
2 answers

Is *all* obscurity subject to debate?

I'm a beginner and reading about attitudes towards "security by obscurity." I understand that there are varying degrees of vehemence in the opposition to the use of obscurity, but I am trying to clarify for myself how absolute this is. I understand…
Y     e     z
  • 133
  • 6