|
|
|
|
|
|
by lvh
4617 days ago
|
|
|
I think you're misunderstanding where that came from, or what it means. The idea behind security through obscurity being bad isn't about stealthiness, it's about that the idea that an attacker not privy to details of the system isn't really disadvantaged. Using a secret custom cipher is worse than using publicly vetted and analyzed ciphers like AES or ChaCha20. Specifically, port-knocking isn't about security through obscurity. Your secret is the knocking sequence. Making the port inaccessible without that makes sense. |
|
|