by CydeWeys 3317 days ago
Passwords are security through obscurity too. Things would be a lot less secure if all passwords were publicly available.
3 comments

Security by obscurity is precisely defined as security that relies on the algorithm/implementation itself being private to be able to function. Key material being private does not qualify for this. The alternative is that security through obscurity becomes such an all-encompassing term as to become meaningless.
In that case, 256-bit encryption keys are security-through-obscurity too, they're just realllllly obscure.
Indeed. The difference between "Security by obscurity" and login/passwords is really scale.

Usually, some numbnut "programmer" sets a no-login and a simple password as a secret service account. It invariably is found, and badness ensues.

Whereas login/password is a 1/password_space chance of getting it. It's the combination of a default hidden account and no way to know/change it.