Security through obscurity isn’t an invalid technique if you also are doing secu... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		xvector on Jan 11, 2021 \| parent \| context \| favorite \| on: Steam's login method is kinda interesting Security through obscurity isn’t an invalid technique if you also are doing security through cryptography too. One reduces your attack surface, the other reduces the number of attackers by increasing the required effort - both work. In part this is why many IoT devices also attempt to physically protect the underlying microchips, why HSMs destroy keys when enclosure tampering is evident, etc.

lol768 on Jan 11, 2021 [–]

> Security through obscurity isn’t an invalid technique if you also are doing security through cryptography too

It becomes a distraction vs actually writing a secure set of endpoints in the first place.. Folks get a sense of security from it which is entirely false.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact