• bastian_5@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    4
    ·
    1 year ago

    Technically all security is only possible through obscurity. If everyone had your private key, it would no longer be secure because it is no longer obscure.

    • Dark Arc@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      1 year ago

      That’s not what this means at all. Security by obscurity is referencing software that itself has secret pieces that are (to the software authors) “security features” which are only secure so long as their implementation details remain secret.

      Software using a key is not security by obscurity, knowing that a key is used by the software does not result in the application being compromised.

      Software that uses one secret key for all users embedded in the binary is security by obscurity.

      • bastian_5@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I thought it was referring to something being secure because few people are using it, so nobody is targeting it.