thephyber 10 hours ago

> Security ONLY through obscurity is bad (Kerckhoffs's Principle).

This is the crux of the article.

(1) Kerckhoffs's Principle doesn’t say that. It says to design the system AS IF the adversary has all of the info about it except the secrets (encryption key, certificates, etc).

(2) This rule is okay if you are a solo maintainer of a WordPress installation. It’s a problem if you work at a large company and part of the company knows the full intent of this, while the rest of the company doesn’t know the other layers of security BECAUSE of the obscurity layer. In this way, it’s important to communicate that this is only a layer and shouldn’t replace any other security decisions.

MattPalmer1086 6 hours ago | parent | next [-]

Kerckhoffs's principle is not about security in general, it is about the design of cryptography. Assume your opponent knows everything about how your crypto system works. Your security then lies in the keys and not knowledge of the method.

More broadly, anything that raises the cost of an attack helps security. Whether it is worth investing your defensive effort in that vs on more actual security is a different matter.

rileymat2 6 hours ago | parent | next [-]

If it does not obscure your own view of the security or reasoning about the security stance.

For instance, with respect to URL parameters, I have seen people being told they have an Insecure Direct Object Reference, then apply base64 encoding to it to obscure what is going on. To QA it looks like junk and they don't notice; it is obscure, but base64-encoded parameters are catnip to hackers.

So in this case, the obscurity made the system worse over time.

Heck, the most cringeworthy phrase, "Base64 Encryption", which I have heard many, many times.
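The pattern described in the comment above, as an added example (not code from the commenter or from any real application): an invoice lookup where the id is base64 "obscured" but still unauthorized, the three-line enumeration an attacker runs against it, and the fix, which is an ownership check on every lookup, with an optional per-user indirect reference map on top. The invoice table, user names and function names are constructed for this example.

```python
import base64
import secrets

# Constructed sample data (an assumption for this example; a real app would
# read these from its database).
INVOICES = {
    1001: {"owner": "alice", "total": 120.00},
    1002: {"owner": "bob", "total": 75.50},
    1003: {"owner": "carol", "total": 9.99},
}


# ---- Before: base64 "obscures" the id but changes nothing about authorization ----

def obscure_ref(invoice_id: int) -> str:
    """Turn 1002 into 'MTAwMg==': looks like junk to QA, trivially reversible."""
    return base64.b64encode(str(invoice_id).encode()).decode()


def get_invoice_obscured(ref: str) -> dict:
    """Still an IDOR: the decoded id is used with no ownership check."""
    invoice_id = int(base64.b64decode(ref.encode()))
    return INVOICES[invoice_id]


def attacker_enumerate(ref: str, span: int = 3) -> list:
    """What an attacker does with a base64 parameter: decode, step the id,
    re-encode. Returns (ref, owner) for every invoice reachable from one
    observed reference."""
    start = int(base64.b64decode(ref.encode()))
    found = []
    for invoice_id in range(start, start + span):
        encoded = obscure_ref(invoice_id)
        try:
            found.append((encoded, get_invoice_obscured(encoded)["owner"]))
        except KeyError:
            pass  # id not present; the attacker just moves on
    return found


# ---- After: check ownership on every lookup -----------------------------------

def get_invoice(invoice_id: int, current_user: str) -> dict:
    """The actual fix: authorize the object against the authenticated user."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != current_user:
        # Same error for "missing" and "not yours", so existence can't be probed.
        raise PermissionError("not found")
    return invoice


# ---- Optional on top: per-user indirect references -----------------------------
# Random per-session tokens stand in for the real ids. Not a substitute for the
# ownership check above, but it removes the guessable sequence entirely.

class IndirectRefs:
    def __init__(self):
        self._by_user = {}   # user -> {token: invoice_id}

    def refs_for(self, user: str) -> dict:
        """Mint tokens for the invoices this user owns (call once per session)."""
        tokens = {}
        for invoice_id, inv in INVOICES.items():
            if inv["owner"] == user:
                tokens[secrets.token_urlsafe(16)] = invoice_id
        self._by_user[user] = tokens
        return dict(tokens)

    def resolve(self, user: str, token: str) -> dict:
        """Map a token back to an invoice. A token minted for another user is
        simply unknown here, so there is nothing to enumerate."""
        invoice_id = self._by_user.get(user, {}).get(token)
        if invoice_id is None:
            raise PermissionError("not found")
        return get_invoice(invoice_id, user)


if __name__ == "__main__":
    ref = obscure_ref(1001)                        # what alice's browser sees
    print("obscured:", ref)
    print("enumerated:", attacker_enumerate(ref))  # alice reaches bob and carol
    try:
        get_invoice(1002, "alice")
    except PermissionError:
        print("alice blocked from bob's invoice")
```

Note that `get_invoice` returns the same error for a missing id and for someone else's id; returning different errors would let the attacker map which ids exist even after the ownership check is in place.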

MattPalmer1086 5 hours ago | parent [-]

A nice point!

catlifeonmars an hour ago | parent | prev [-]

I agree that anything that raises the cost of an attack may be worth doing. Most “obscurity” related practices do not meaningfully raise the cost of an attack beyond a certain threshold. Physical locks are not a great analogy.

sroussey 2 hours ago | parent | prev [-]

"Security through obscurity" can help in the reverse (for a time) — if they have your keys but haven’t found the locks.

Might give you enough time to change the locks. But not provably — which can matter to a lot of people.