by datenwolf
3686 days ago
> In discussions like this the phrase "security by obscurity" gets used as an accusation. We all agree "security by obscurity" does not work. But that's not what is happening here.

Well, sort of. In the linked article Jakob Ehrensvard (Yubico CTO) wrote:

>> (…) One could say it actually works the other way. In fact, the attacker’s job becomes much easier as the code to attack is fully known and the attacker owns the hardware freely. (…)

While the rest of the article makes good points, this particular sentence hints at "security through obscurity".

The principle with open source is that you can trade that obscurity away in favour of the "many eyes" on your code and the fact that it is then proven secure. That tradeoff is definitely worth it, but that doesn't mean that the obscurity doesn't help security.