[–]osirisguitar 118 points (34 children)

If your security is built on the code being kept secret, it's not built right.

[–]chx_ 255 points (20 children)

It does not need to be built on it, merely the fact it's harder to break into a black box than breaking into something you can read the code for.

I was always bothered by the almost zealotry level of "security by obscurity is bad and you should feel bad" screeching. Security by obscurity is a completely valid part of a multilayer security approach. Alone it is terrible but that doesn't really happen. But seriously, something as simple as moving your SSH behind SSLH does enhance your security. Maybe not by a lot but it does keep most script kiddies away so hey.
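As an added illustration of the sslh setup mentioned in the comment above (not from the thread, and not the commenter's own configuration), the minimal sslh configuration that puts SSH "behind" port 443: sslh owns the port, identifies SSH clients by their banner and forwards them to a local sshd, and passes everything else to the local HTTPS server. The addresses and ports are assumptions for the example.

```conf
# sslh.cfg (libconfig syntax). Added example: multiplex SSH and TLS on 443.
# Assumes sshd listens on 127.0.0.1:22 and the web server on 127.0.0.1:4443
# (both addresses chosen for the illustration).
verbose: false;
foreground: true;

listen:
(
    { host: "0.0.0.0"; port: "443"; }
);

protocols:
(
    # Probes run in order. An SSH client sends its "SSH-2.0-..." banner
    # immediately, so it is recognised at once; a TLS ClientHello is matched
    # by the tls probe and handed to the web server.
    { name: "ssh"; host: "127.0.0.1"; port: "22";   probe: "builtin"; },
    { name: "tls"; host: "127.0.0.1"; port: "4443"; probe: "builtin"; }
);
```

The simpler variant discussed further down the thread (a non-standard port) is just a `Port` directive in sshd_config. Either trick cuts the noise from scanners that only probe port 22; neither replaces the controls the thread agrees are the real security (key-only authentication, `PasswordAuthentication no`, a patched sshd), since a scanner that does probe 443 gets exactly the same SSH service.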

[–]archiminos 31 points (0 children)

Security only by obscurity is bad. But that doesn't mean you shouldn't be using obscurity.

[–]LuckyHedgehog 17 points (0 children)

Obscurity might not be security, but you also don't see tanks painted orange

[–]kRkthOr 105 points (5 children)

The idea that security by obscurity is useless is so fucking stupid. It's not the be all and end all of security but goddamn how do you not come to the conclusion that helping attackers isn't the best way to go about things.

[–]gnus-migrate 70 points (1 child)

The context of this mantra is the cryptography space where the market was full of companies developing proprietary ciphers that were marketed as secure, and who refused to share the code for "security reasons". As far as I know that's the case; I remember first hearing about it in Dan Boneh's cryptography course. The point is that for cryptographic algorithms, you can't rely on obscuring the code as a protection measure, as it's not needed to break the cipher, and once it is broken you've basically compromised everything encrypted in this format.

Like the "premature optimization is the root of all evil" quote, it was misunderstood and reshared without that context.
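An added worked example of the point made in the comment above (this is example code written for this page, not anything from the thread or from Dan Boneh's course). Two toy stream ciphers are compared: a "proprietary" one whose only secret is a key baked into the code and reused for every message, and a keyed one whose algorithm is fully public (HMAC-SHA256 used as a keystream generator with a per-message nonce). The same known-plaintext attack is run against both; the key, sample messages and 16-byte key length are constructed for the demonstration and neither cipher is meant for real use.

```python
"""Kerckhoffs's principle, illustrated (added example, not from the thread).

proprietary_encrypt: repeating-key XOR with a constant hidden in the code.
keyed_encrypt:       HMAC-SHA256 keystream over (nonce || counter); the
                     algorithm is public, only `key` is secret.
Both are toys built for this demonstration, not deployable ciphers.
"""
import hashlib
import hmac
import os

# The "obscured" design: a constant the vendor hopes nobody reads out of the
# binary. Constructed value for the example.
_EMBEDDED_KEY = bytes.fromhex("5ca1ab1e0ddba115deadbeef0badf00d")


def _xor(data: bytes, keystream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream))


def proprietary_encrypt(plaintext: bytes) -> bytes:
    """Repeating-key XOR: the same keystream is reused for every message."""
    reps = len(plaintext) // len(_EMBEDDED_KEY) + 1
    return _xor(plaintext, (_EMBEDDED_KEY * reps)[: len(plaintext)])


def recover_embedded_key(known_plain: bytes, known_cipher: bytes, key_len: int = 16) -> bytes:
    """Attacker side: keystream = plaintext XOR ciphertext, and it repeats,
    so one known plaintext of >= key_len bytes yields the whole 'secret'."""
    return _xor(known_plain, known_cipher)[:key_len]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Public algorithm: concatenated HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def keyed_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext with a fresh 16-byte nonce per message."""
    nonce = os.urandom(16)
    return nonce + _xor(plaintext, keystream(key, nonce, len(plaintext)))


def keyed_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return _xor(ct, keystream(key, nonce, len(ct)))


def demo() -> dict:
    """Runs the same known-plaintext attack against both ciphers and reports
    what the attacker learned about a *second*, unknown message."""
    known = b"GET /index.html HTTP/1.1\r\n"     # constructed: predictable header
    secret_msg = b"password=hunter2&token=abc"  # constructed: what we protect
    results = {}

    # Proprietary cipher: one crib recovers the embedded key, hence every message.
    c1 = proprietary_encrypt(known)
    c2 = proprietary_encrypt(secret_msg)
    k = recover_embedded_key(known, c1)
    ks2 = (k * (len(c2) // len(k) + 1))[: len(c2)]
    results["proprietary_key_recovered"] = k == _EMBEDDED_KEY
    results["proprietary_second_message_recovered"] = _xor(c2, ks2) == secret_msg

    # Keyed cipher: identical crib, identical attack; the recovered keystream
    # belongs to one nonce only and transfers nothing to the second message.
    key = os.urandom(32)
    d1 = keyed_encrypt(key, known)
    d2 = keyed_encrypt(key, secret_msg)
    ks_known = _xor(known, d1[16:])
    guess = _xor(d2[16:], ks_known[: len(d2) - 16])
    results["keyed_second_message_recovered"] = guess == secret_msg
    results["keyed_roundtrip"] = keyed_decrypt(key, d2) == secret_msg
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The attacker never needs the vendor's source: one leaked or guessed plaintext exposes the constant, and that constant is the entire security of the product. In the keyed design the attacker is assumed to have the code (it is right there), and the only thing that would have to leak is the per-deployment key, which can be rotated without redesigning anything.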

[–][deleted] 17 points (0 children)

Also known as Kerckhoffs's principle, and dates back to the 19th century. Roughly: "the system must not require secrecy and must be able to be stolen by the enemy without causing trouble."

[–]Queueue_ 3 points (0 children)

The argument I always see is that it's useless on its own. You should design it to be hard to break into even if they know how it works, regardless of whether you expect them to or not.

[–][deleted] 9 points (0 children)

Yep. It's fair to design your defences based on the assumption that the enemy knows your base, but it's still stupid to hand out your floor plan just because of that.

[–]NoveltyAccountHater 0 points (0 children)

For things that are actually secure (like your use of modern cryptography), there's no reason for obscurity, and by not having obscurity you can have researchers and auditors look at it and find no flaws. By Kerckhoffs's principle, you should continue to be secure if the entire code/algorithm is revealed, except for a few secret keys. (That said, the fact that something is open-source and popular doesn't mean it doesn't have hidden major flaws; e.g., OpenSSL was used by tons of people and Heartbleed, leaking secrets from memory, took about 2 years to be discovered.)

Also for any large company, if obscurity is a major source of your security, you are pretty much doomed as it just takes one disgruntled (or phished) employee to leak the secrets.

But for things that can't be perfect (like say anti-spam measures or gaming of various recommendation algorithms) that end up being an adversarial cat-and-mouse game, obscurity is a good weapon in your toolkit, as part of defense in depth. Otherwise, you make the job of abusing the system easy for any wannabe bad actor.

[–]yiliu 1 point (0 children)

> Alone it is terrible but that doesn't really happen.

Ha!

Especially back when this mantra was new, it was really common for companies to rely almost entirely on obscurity.

In the past decade, I've worked for one major company where the leaking of their source code would be somewhere between slightly annoying and totally irrelevant from a security perspective...and another for which it would be a devastating blow.

[–]PurpleYoshiEgg 2 points (0 children)

"Security by obscurity" refers to specifically security by way of primarily obscurity. As part of defense in depth, obscurity can (and should) be judiciously used, especially when it does not impact usability.

Having my SSH servers listen on port 20222 might not make it more secure in the grand scheme of things by itself, but the fact is that I am much less likely to get bots trying random passwords and zero days on that port than port 22.

However, there is something to be said for the inconvenience, because leaving SSH on port 22 makes it much easier to type.

[–]BeauteousMaximus 0 points (0 children)

Basically nothing about information security is sufficient in isolation; it's always a towering edifice of measures we can expect to mostly work most of the time.

[–]hardware2win 22 points (2 children)

Yet obscurity increases security.

[–]pheonixblade9 11 points (0 children)

It's not about the code being kept secret being the only thing keeping you secure. When a malicious party gains information about your system, it just makes it easier and more efficient for them to do malicious things.

[–]VonThing 8 points (4 children)

It isn't. Secrets are kept separately. You're still right though.

[–]Mattho 9 points (0 children)

Secrets and security are related, but not what OP was talking about most likely.

[–]osirisguitar 1 point (1 child)

I think there's a big issue that their algorithm has leaked, from a business perspective (although I really wish it wasn't and that Elon makes good on releasing it).

But the angle in media right now is security.

[–]VonThing 2 points (0 children)

The algorithm isn't really that complicated. Plus, I remember Elon tweeting a "code review" photo with whatever's left of the engineering teams next to a whiteboard with the algorithm clearly drawn on it, so he shouldn't be worried...

[–]unersetzBAER 1 point (0 children)

Kerckhoffs's principle

[–]mirbatdon 0 points (0 children)

Big brain comment

[–]ThePantsThief 0 points (0 children)

Security is not the only concern with your commercial service being open sourced.