Cryptography is "just" a mathematically sophisticated version of manufacturing obscurity, so that's missing the point a bit. Obscurity is just information asymmetry, which is the only way we have to "secure" / anchor anything. That quote is about all the other forms of manufactured obscurity not being anywhere near as rigorous, which should be obvious.

▲

jrmg 9 hours ago | parent | next [-]

Don’t like that you’re getting downvoted here! This is a pet peeve of mine. All security is ‘security through obscurity’ when you get right down to it.

Cryptography is just a collection of ‘obscure’ keys (and, arguably, algorithms) that someone nefarious has to guess or work out - or social engineer out of someone - to access data. They’re just really hard to guess or work out.

▲

eadwu 8 hours ago | parent [-]

Pet peeve of mine as well.

To me this is a major problem of everyone saying security through obscurity is bad. But then those same people reinforcing encryption as a gospel of security.

As far as I know, there are no secrets in the world. Encryption is not providing security to anything. It only gives you guarantees wrt to a certain interpretation/perspective.

Modern encryption is underpinned by, no common folk (not no one or even the people who would have the ability to which are probably the ones that should be worried about) should be able to decrypt your contents _within your lifetime_ - which in and of itself is a pragmatic goal, but does not ensure secrets remain secrets.

	▲	Pannoniae 5 hours ago \| parent [-]
		That isn't technically true either ;) (sorry to be pedantic!) If your data is encrypted, what your adversary needs is some information about you - which they can gather by either buying it from someone or by investigating you - and a $10 wrench to go over there and get the keys out from you... Most secrets are only secrets because the combination of obscurity and incentives raises the bar high enough so no one who wants to bother really bothers.

▲

kortex 9 hours ago | parent | prev [-]

Eh, the problem with that reasoning is one of extreme degree. The "obscurity metric" would be the surprisal associated with discovering the critical piece of info. Using a random port confers brute force resistance of 2^16. At 1ms that's about a minute. Brute forcing at the same rate a 128 bit key takes like 10^28 years.

It's like hiding your key under the mat, vs hanging on a tree limb of a specific tree only you know the gps coordinate of. Both are "obscure". Huge difference in difficulty.