Security By Obscurity

Jun 29 07:18

A bitmessage poster wrote, "Security by obscurity is inefficient." Ever heard of "classified" or "top secret"? Since it works so badly, why do they do it? (Rhetorical question, you'll not be able to provide a reasonable or cogent answer.) One can't get these crypto-cult-koolaid drinkers to admit their ideas are wrong-headed. Some cult leader at a conference or college class said it, so it must be true.

Security by obscurity is the most often employed, and most often successful, security strategy in most domains from the statehouse down to the chef's secret mustard recipe. Security by obscurity works 99.99% of the time. Because 0.01% of the time it fails or a traitor leaks something, the gatekeepers of cryptography pounce on the event as evidence that you must use their products and ideas to secure your secrets.

Because obscurity fails once in a while, the crypto-cult gatekeepers lie to you and expect you to believe their crypto fails less. But in practical experience, industry standard cryptography fails much more often than security by obscurity. And when it does fail, it does not put one person's obscure secrets at risk--when cryptography fails, it risks the secrets of millions of dupes who are using the failed crypto.

= zaeon =
Bitmessage broadcast: BM-NB4UTyuEJrQBtxJfT96DVagfQo8ZaeoN