Utku Sen utkusen.com

Security by obscurity is underrated  ↦

Utku Sen:

In the information security field, we have developed lots of thoughts that can’t be discussed (or rarely discussed):

  • Never roll your own crypto
  • Always use TLS
  • Security by obscurity is bad

I certainly learned these in my Infosec classes in college. Back then I didn’t really question it much, because what did I know? But I definitely remember thinking, “Okay security by obscurity is bad, but maybe why not do it anyway? Defense in depth, right?” Back to Utku:

Most of them are very generally correct. However, I started to think that people are telling those because everyone is telling them. And, most of the people are actually not thinking about exceptional cases. In this post, I will raise my objection against the idea of “Security by obscurity is bad”.


Discussion

Sign in or Join to comment or subscribe

0:00 / 0:00