[nicce]

> And yet this one lasted 30 years.

Main goal of security through obscurity is the hindrance. Make it slower and harder to to detect possible vulnerabilities.

So indeed, there is something to debate.

But I guess it helps only against those with limited resources, not against nation states.

[swells34]

This is analogous to physical security doors. They are considered passive security, since they are a deterrent, and are rated by the numbers of hours they are expected to hold up against hand tools.

[xmprt]

Is it still true that nation states are at the forefront of innovation and the largest security threats? At least in the United States, I'd be surprised to learn that their best and brightest minds are working in three letter government agencies when they can work in industry for more money and less bureaucracy.

[londons_explore]

Does one need the best and brightest minds to break crypto? Or does it just take a lot of full-time regular minds?

Because the academic/opensource communities famously don't have many hours to dedicate to the cause.

[nicce]

> Because the academic/opensource communities famously don't have many hours to dedicate to the cause.

People in academics dedicate their lifes for this. Who has more time?

[tptacek]

Yes. Additionally, there are extensive public/private partnerships.

[fmajid]

> Main goal of security through obscurity is the hindrance

No, the main goal is to obfuscate just how incompetent the authors of the spec are, and how clearly they illustrate Dunning-Kruger.

[nicce]

> No, the main goal is to obfuscate just how incompetent the authors of the spec are

If you agree that it obfuscates the meaning of the author’s work, then it also slows down other things recursively…