Diff: SecurityByObscurity

Differences between current version and revision by previous author of SecurityByObscurity.


Newer page: version 5 Last edited on Friday, August 1, 2003 8:20:26 pm by CraigBox
Older page: version 4 Last edited on Friday, August 1, 2003 2:39:07 pm by PerryLorier
@@ -14,4 +14,7 @@
  
 Security through obscurity is usually frowned upon, because the "secret" is usually larger than it has to be, and is usually obscuring huge security flaws. ("I use a new cryptographic algo I made up! Noone knows what it is, so it must be secure!"). This is often considered even *less* secure than having a well known insecure system because you trust the security more than you should. 
  
 Much of the discussion at the top of this page isn't advocating security through obscurity. It's advocating diversity and avoiding a monoculture which is an entirely different concept. The idea behind a monoculture is that if everything is identical, then if you found a flaw in one, you've found a flaw in them all. If there is some varience between instances of a security infrastructure then you have to rediscover the flaw for each instance, which drastically slows down the attacker from compromising machines, but does not slow an attacker trying to attack any specific instance. 
+  
+-----  
+CategorySecurity
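Review bot: the unchanged context line still carries the spelling error "varience" (should be "variance"); since this revision only appends the "-----" rule and the CategorySecurity tag, that typo could be corrected in the same edit rather than left for a later pass.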