| ▲ | exmadscientist 6 hours ago | |
Secret storage isn't considered "security through obscurity". Everyone knows that when you find the key to the door, you've won. Security through obscurity is more like hiding the keyhole: it isn't going to stop anyone determined, but it can be effective against someone who isn't all that motivated (well, all that motivated to target you, anyway). | ||
| ▲ | Rury 5 hours ago | parent [-] | |
Which is a poor choice of words by the industry, as this is a semantically specious argument. You are still, in the strictest sense, relying on obscurity - the key being obscure from public knowledge. The industry should instead say: relying on an obscure process is bad when it comes to security. Better to rely on obscured data. As this is what is meant. But technically speaking, all of information security is done through obscurity. It is all done via hiding something from being known. To state otherwise, is a misuse of semantics. | ||