Does security through obscurity work?
Security by obscurity alone is discouraged and not recommended by standards bodies. The National Institute of Standards and Technology (NIST) in the United States sometimes recommends against this practice: “System security should not depend on the secrecy of the implementation or its components.”
What does "security through obscurity is not an answer" mean?
Security through obscurity is the assumption that hiding the details of the security mechanisms is, on its own, sufficient to secure the system. Relying on obscurity leads to a false sense of security, which is often more dangerous than not addressing security at all.
What are the basic principles of information security?
The basic tenets of information security are confidentiality, integrity and availability. Every element of the information security program must be designed to implement one or more of these principles. Together they are called the CIA Triad.
Which is true about security through obscurity?
Security through obscurity is the assumption that hiding the details of the security mechanisms is, on its own, sufficient to secure the system. Although this might seem logical, it’s actually untrue.
Who was an opponent of security through obscurity?
Security experts have rejected this view as far back as 1851, and advise that obscurity should never be the only security mechanism. An early opponent of security through obscurity was the locksmith Alfred Charles Hobbs, who in 1851 demonstrated to the public how state-of-the-art locks could be picked.
Which is true about open disclosure of vulnerabilities?
Principle 12: Open Disclosure of Vulnerabilities Is Good for Security! Many people in the information security industry believe that if malicious attackers don’t know how software is secured, security is better. Although this might seem logical, it’s actually untrue.
What makes an obscure algorithm a secret algorithm?
An obscure algorithm is “secret” only as long as the attacker does not work out the algorithm's details, and that depends on a lot of factors: access to hardware implementing the algorithm, skill at reverse-engineering, and ingenuity. We do not have a useful way to measure how smart someone can be.
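To illustrate the point above, as an added example that is not part of the original page: a token scheme whose only protection is a hidden recipe, next to HMAC-SHA256, a public algorithm whose only secret is a random key. The function names, the XOR recipe and the choice of HMAC as the open design are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Design A (constructed): no key at all. Protection rests entirely on
# nobody learning this recipe (reverse the name, XOR with a constant).
def obscure_token(user: str) -> str:
    return bytes(b ^ 0x5A for b in user[::-1].encode()).hex()

def obscure_verify(user: str, token: str) -> bool:
    return hmac.compare_digest(obscure_token(user), token)

# Design B: the algorithm is public (HMAC-SHA256); the only secret is the key.
def keyed_token(key: bytes, user: str) -> str:
    return hmac.new(key, user.encode(), hashlib.sha256).hexdigest()

def keyed_verify(key: bytes, user: str, token: str) -> bool:
    return hmac.compare_digest(keyed_token(key, user), token)

def review_after_source_disclosure(user: str = "alice") -> dict:
    """Model a reader who has the full source of both designs but no key."""
    server_key = secrets.token_bytes(32)  # stays on the server
    reader_key = secrets.token_bytes(32)  # the reader can only guess a key
    results = {
        # Design A: the source was the secret, so reading it is enough.
        "obscure_accepts_outsider_token":
            obscure_verify(user, obscure_token(user)),
        # Design B: same knowledge of the code, but no key, so it is rejected.
        "keyed_accepts_outsider_token":
            keyed_verify(server_key, user, keyed_token(reader_key, user)),
        # The secrecy of design B is a number; design A has no equivalent.
        "keyed_secret_bits": len(server_key) * 8,
    }
    # Recovery: a leaked key is replaced and old tokens stop verifying.
    # Design A has nothing to rotate short of redesigning every deployed copy.
    old_token = keyed_token(server_key, user)
    rotated_key = secrets.token_bytes(32)
    results["old_token_valid_after_rotation"] = keyed_verify(
        rotated_key, user, old_token)
    return results

if __name__ == "__main__":
    for name, value in review_after_source_disclosure().items():
        print(f"{name}: {value}")
```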