---

Slashdot: Obscurity as Security

“Matthew Priestley has taken a break from slaving for the man to
write us a piece where he takes on the conventional wisdom that
Security through Obscurity isn’t secure at all, and tries to argue
that sometimes it is.”

“With the popularity of the open-source mindset, a general
contempt has drizzled upon all forms of obscurity. The concept of
security through obscurity (STO) in particular has been decimated.
Security through obscurity, which relies on the ignorance of
attackers rather than the strength of defenders, is dead in all but
practice. The victory of the opposing full disclosure approach is
so complete that proposed tactics die at the mere hint they are a
form of STO.”

“This paper suggests security through obscurity can and does
work in certain strictly limited ways, and should not be eliminated
unthinkingly from the admin’s arsenal. It further implies that the
boundaries between STO and ‘real’ security are blurry and deserve
evaluation. However, this paper in no way proposes obscurity as a
method for keeping secrets in the long term.”

