Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Bender 11 hours ago

Security through obscurity is NOT bad.

Security ONLY through obscurity is bad (Kerckhoffs's Principle).

Security through obscurity, as an additional layer, is good!

I've been saying this ever since that phrase was coined. A layer or two of obscurity keeps a lot of noise out of logs, reduces alert fatigue and cuts down on storage costs especially if one is using Splunk as their SIEM and makes targeted attacks much easier to detect. I will keep it.

mobeigi 10 hours ago | parent | next [-]

Couldn't agree more, I have personally benefited from the additional layer and it irks me when people outright claim it has no value.

ithkuil 10 hours ago | parent [-]

The informed claim is not that the obscurity layer has no value. Quite the contrary, it has such a great value that it basically reduces the incentives to have great proper security and thus once the obscurity layer is breached the second line of defense is weaker.

The argument is that it's much easier to secure proper key material rather than design and config information that can often be leaked accidentally because it's actually directly manipulated by humans (employee onboarding, employee churn etc)

kstrauser 10 hours ago | parent [-]

That's an interesting way to describe it. It's kind of like the turn away from requiring regular password updates. On paper, password rotation is good. But when you consider its interaction with human psychology, the policy makes security worse by causing people to make bad decisions.

rcleveng 10 hours ago | parent | prev | next [-]

This sounds just like my thoughts on PostgreSQL's row level security. As a additional layer it's good, as the only thing, watch out!

bee_rider 10 hours ago | parent | prev | next [-]

It would be nice if there was no overlap between terms for the operational things that help improve security (log reduction and other non-cryptographic methods of reducing admin fatigue), and the mathematical cryptographic characteristics of the system.

If the focus is on the latter, obscurity buys you nothing and adds complexity/distraction, which is bad. The former can be important though.

tokai 9 hours ago | parent | prev [-]

>I've been saying this ever since that phrase was coined

You have been alive since the 1880s?

Barbing 6 hours ago | parent [-]

Smart talking your elders!