Hacker News

lucketone yesterday at 9:13 PM

All modes of cyber security depend on some obscurity (e.g. password)

Ideally we want a viable plan B, for when it’s leaked/figured out. (E.g. generate new passwords)

(For convenience let’s label air-gap as kind of physical security)


Replies

pdpi yesterday at 10:31 PM

> All modes of cyber security depend on some obscurity (e.g. password)

That's not what the expression means.

"Security through obscurity" has a very specific meaning — that your system's security depends on your adversary not understanding how it works. E.g. understanding RSA is a few Wikipedia articles away, and that doesn't compromise its security, so RSA isn't security through obscurity.

afiori today at 7:11 AM

In cryptosystems there is a difference between things that can be changed and not, e.g. passwords/keys are a secret that can be easily changed. Algorithms not so much.

"Security through obscurity" refers to the practice of using a hard-to-change "thing" as a secret, which is indeed bad practice.

0123456789ABCDE yesterday at 9:27 PM

i don't know a lot about the subject, but the little i know tells me this is not the way to look at this

your password (plain text) is secret because only you are supposed to have it. in the digital realm, sharing the contents of the password (plain-text) is akin to making a copy of it — undesirable

now, the algorithm that hashes the plain-text for comparison with the stored hash, that can be known by anyone, and typically is

so password ≠ hashing algorithm

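The distinction drawn across the thread, as an added example that is not part of any comment: the hashing algorithm and its parameters are public, the password is the only secret, and a leak is handled by replacing the password rather than the algorithm. The choice of PBKDF2, the iteration count, and the sample passwords are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import os

# Public parameters: anyone may read these without weakening the scheme.
ALGORITHM = "sha256"
ITERATIONS = 200_000  # constructed value for this example


def make_record(password: str) -> dict:
    """Store only the salt and derived hash; the plain-text password is never kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify(record: dict, candidate: str) -> bool:
    """Re-run the public algorithm on the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        ALGORITHM, candidate.encode(), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(digest, record["hash"])


def rotate(new_password: str) -> dict:
    """Plan B after a leak: replace the secret; the algorithm stays unchanged."""
    return make_record(new_password)


def demo() -> list:
    record = make_record("correct horse")          # constructed sample secret
    results = [
        verify(record, "correct horse"),           # right secret is accepted
        verify(record, "wrong guess"),             # knowing the algorithm is not enough
    ]
    record = rotate("battery staple")              # old secret assumed leaked
    results += [
        verify(record, "correct horse"),           # leaked secret no longer works
        verify(record, "battery staple"),          # new secret is accepted
    ]
    return results


if __name__ == "__main__":
    print(demo())
```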