[merelydev]

"one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them" - Claude Shannon

https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle

[grayhatter]

If you believe this, then why did you say?

> starting to think security through obscurity might not be a bad thing

[merelydev]

Because of asymmetric differences, I don't have access to powerful LLMs but attackers might. And also the complexities of software dependencies (supply chain vulnerabilities), my software depends on packages not in my control and I don't have time to audit the entire stack.