undefined | Better HN

0 pointsxvector5y ago0 comments

Security through obscurity isn’t an invalid technique if you also are doing security through cryptography too. One reduces your attack surface, the other reduces the number of attackers by increasing the required effort - both work. In part this is why many IoT devices also attempt to physically protect the underlying microchips, why HSMs destroy keys when enclosure tampering is evident, etc.

0 comments

lol7685y ago

> Security through obscurity isn’t an invalid technique if you also are doing security through cryptography too

It becomes a distraction vs actually writing a secure set of endpoints in the first place.. Folks get a sense of security from it which is entirely false.

j / k navigate · click thread line to collapse

0 pointsxvector5y ago0 comments

0 comments

lol7685y ago

> Security through obscurity isn’t an invalid technique if you also are doing security through cryptography too

It becomes a distraction vs actually writing a secure set of endpoints in the first place.. Folks get a sense of security from it which is entirely false.

j / k navigate · click thread line to collapse