Security

In the world of cryptography, people hate the concept of security through obscurity

In a nutshell, they argue that using a ‘secret’ means of securing something is no good. On some level, they have a valid argument. On another level, it’s more of a zealous ideal that doesn’t make any sense in the real world.

I’ve always preferred a more pragmatic approach: security through obscurity is a great way to buttress an already-secure system. If your non-obscurity approach (“security by design”) is complete rubbish, security through obscurity is only as good as your obscurity.

The government used a mode of encryption called Fascinator. You sometimes see radios with Fascinator encryption modules for sale on eBay. It’s very, very illegal to own Fascinator equipment, because it’s somewhat of a classified mode of encryption. Not much is known about how it works. Isn’t that security by obscurity?

Here’s a more simple argument: a business keeps its money in a safe. The safe is somewhat secure: you need the combination to open it, and you can’t really pick it. On the other hand, a stick of dynamite will also open it. I’m hardly a safe expert, but many businesses, at least in fiction and the olden days, kept their safes in pretty prominent locations, and, if not that, in easy-to-guess observations. If I visit an establishment a few times a week, I might become very familiar with where they keep their safe. If I decided to rob them, all I’d need was some dynamite.

But now suppose that the business is owned by someone who thinks outside the box a little, and who places the safe somewhere bizarre: say, the employee restroom, or in a restaurant’s kitchen. Those who visit the business probably won’t even know that there’s a safe, so someone who’s planning on some safe heists might not even bother with their business.

The argument against security through obscurity is that, if someone knew where the safe was kept–an employee, perhaps–would be able to get to it with no additional effort. And this is a valid point, but it misses what I think is the more important point: if you used it with a “secure by design” system (e.g., the safe), it’s far less likely that people would even know about it in order to break it.

In a computer setting, I thought about (but haven’t taken the time to accomplish) running sshd on a nonstandard port. sshd is a very secure protocol and I use strong passwords. But running it on a nonstandard port: hiding it: security through obscurity would provide me with an additional layer of protection.

In the past, I had an interface to directly manipulate the blog comments table, allowing mass deletion easily. It was something I hacked together one night, and never bothered password-protecting it. It was a ‘hidden URL’ with no links, and the URL was just a random, meaningless word. This is what the security through obscurity folks rightly condemn: anyone who looked through my browser history, or who guessed the URL (very unlikely?) would have been able to do serious damage to the database. But I was the only one who ever knew it existed, and the logs confirm that I was the only one who ever accessed it. Of course it’s a bad idea, and I agree that security through obscurity, as the only means of defense, is a horrible idea. (Despite it having worked perfectly for me.)

But I can’t stand when people go against anything that includes security through obscurity in any sort. It can only help, just don’t rely on it exclusively.

One thought on “Security

  1. Security though obscurity is not quite the same thing as physical security. There is commonality but I would be careful about confusing the two. ALmost any system can be broken if one has physical access to it. Hidding the system behind locked doors is more about physical security than obscurity. Security though obscurity would be more like hidding it in an unlocked room in a rarely used part of the building.

    I do agree that a little obscurity can be a good thing though. There is really no good coming from daring someone to break in my keeping it in plain but protected sight.

Leave a Reply

Your email address will not be published. Required fields are marked *