|
|
|
|
|
|
by staunton
1209 days ago
|
|
|
> don't rely on security through obscurity Which doesn't mean you shouldn't also use obscurity. NIST recommends it [1], and the industry widely uses it. In practice "don't rely on obscurity" usually means "have enough security besides obscurity to give you a grace period to switch out the obscurity". That's for whole systems, you might get away with people knowing you use standardized primitives like AES. [1]: https://csrc.nist.gov/news/2021/revised-guidance-for-develop... |
|
|