by apotheon 6154 days ago
Please give the public origins of the notion that security through obscurity is broken a closer look. Until you understand what that means, you will keep making arguments like "keeping your key" (such as a password) "secret is just security through obscurity".

I recommend starting with Kerckhoffs' Principle.

Basically, you can regard "security through obscurity" as any violation of Kerckhoffs' principle -- which translates to any reliance on keeping secrets beyond the key itself.


I have given it a closer look. Many times.

You're making an argument by assertion: Kerckhoffs' principle says don't keep secrets other than the key, so therefore you have to not keep secrets other than the key. Huh?

Kerckhoffs' principle is a great idea - but understand it. It doesn't say that extra secrecy makes you less secure. It just says that when you're designing a system using encryption, the key should be the single point of failure.

Let's say I'm locking a door. So you shouldn't be able to get in without the key - but it's going to be harder for you if you also can't find the keyhole.

When you're designing locks, don't try to hide the keyhole - spend all your effort getting a good, unpickable lock - but still, don't deny that hiding the lock isn't pointless.
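Both positions above can be made concrete in code: apotheon's definition of "security through obscurity" as reliance on any secret other than the key, and the reply's point that the key should be the single point of failure while extra hiding is harmless. The following is an added example written for this thread, not code posted by either commenter. It models three message-authentication designs and asks, for each, whether an analyst who knows the full algorithm (Kerckhoffs' assumption) can produce a tag the verifier accepts. The pad constant, the sample message and the function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed constant: the "hidden keyhole". Design A's only secret.
OBSCURE_PAD = b"\x5a\xa5\x3c\xc3"


def _pad_mix(message: bytes) -> bytes:
    """XOR the message with the repeating pad (the obscure transformation)."""
    return bytes(b ^ OBSCURE_PAD[i % len(OBSCURE_PAD)] for i, b in enumerate(message))


# Design A: security through obscurity. No key at all; authenticity rests
# entirely on nobody knowing the transformation.
def obscure_tag(message: bytes) -> str:
    return hashlib.sha256(_pad_mix(message)).hexdigest()


# Design B: Kerckhoffs-compliant. The algorithm (HMAC-SHA256) is public and
# the key is the only secret, so the key is the single point of failure.
def keyed_tag(key: bytes, message: bytes) -> str:
    return hmac.new(key, message, hashlib.sha256).hexdigest()


# Design C: keyed AND hidden. The pad is layered on top of the HMAC. Hiding
# the pad is not relied upon; if it leaks, security still rests on the key.
def layered_tag(key: bytes, message: bytes) -> str:
    return hmac.new(key, _pad_mix(message), hashlib.sha256).hexdigest()


def verify(expected: str, presented: str) -> bool:
    # Constant-time comparison so the verifier itself leaks nothing useful.
    return hmac.compare_digest(expected, presented)


def analyst_tag_without_key(design: str, message: bytes) -> str:
    """Tag an analyst can compute knowing every algorithm detail (pad included)
    but not the key. For keyed designs the best available input is a fresh
    random key, which models 'the key is genuinely secret'."""
    if design == "obscure":
        # Full knowledge of the algorithm is full knowledge of the secret.
        return hashlib.sha256(_pad_mix(message)).hexdigest()
    guessed_key = secrets.token_bytes(32)
    if design == "keyed":
        return keyed_tag(guessed_key, message)
    if design == "layered":
        return layered_tag(guessed_key, message)
    raise ValueError(design)


def kerckhoffs_check(message: bytes = b"transfer 100 to alice") -> dict:
    """For each design, report whether a verifier holding the real key accepts
    a tag produced with algorithm knowledge alone."""
    real_key = secrets.token_bytes(32)
    genuine = {
        "obscure": obscure_tag(message),
        "keyed": keyed_tag(real_key, message),
        "layered": layered_tag(real_key, message),
    }
    return {
        design: verify(genuine[design], analyst_tag_without_key(design, message))
        for design in genuine
    }


def legitimate_roundtrip(message: bytes = b"transfer 100 to alice") -> bool:
    """Sanity check: the keyed designs still verify for the real key holder."""
    key = secrets.token_bytes(32)
    return verify(keyed_tag(key, message), keyed_tag(key, message)) and verify(
        layered_tag(key, message), layered_tag(key, message)
    )


if __name__ == "__main__":
    for design, accepted in kerckhoffs_check().items():
        print(f"{design:8s} accepted without key: {accepted}")
```

Running it shows the obscure design accepting the key-less tag and the two keyed designs rejecting it. Design C is the reply's hidden lock: the pad does no harm, and knowing it gains nothing, because the design never relied on it. Design A is what apotheon calls a violation of Kerckhoffs' principle: the moment the transformation is known, there is no secret left to protect the system.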

No, that's not an argument by assertion. It's an argument by pointing out that your "definition" of security through obscurity is apparently at odds with the very origins of the concept.

I'm not saying that hiding the keyhole harms security. I'm saying that pretending hiding the key is the same as hiding the keyhole is an exercise in something so silly I can't even think of the word.