
nkmskdmfodf | 1 year ago

> to a large extent, it's directly because of hardware based privacy features.

First, this is 100% false. Second, security through obscurity is almost universally discouraged and considered bad practice.


UniverseHacker|1 year ago

Security through obscurity is highly effective.

Think of some common sense physical analogies: a hidden underground bunker is much less likely to be robbed than a safe full of valuables in your front yard. A bicycle buried deeply in bushes is less likely to be stolen than one locked to a bike rack.

Without obscurity it is straightforward to know exactly what resources will be required to break something- you can look for a flaw that makes it easy and/or calculate exactly what is required for enough brute force.

When you add the element of well executed obscurity on top of an also strong system, it becomes nearly impossible to even identify that there is something to attack, or to even start to form a plan to do so.

Combining both approaches is best, but in most cases I think simple obscurity is more powerful and requires less resources than non obscure strength based security.

I’ve managed public servers that stayed uncompromised without security updates for a decade or longer using obscurity: an archaic old Unix OS of some type that does not respond to pings or other queries, runs services on non-standard ports, and blocks routes to hosts that even attempt scanning the standard ports will not be compromised. Obviously also using a secure OS with updates on top of these techniques is better overall.
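The setup described in the comment above (a service on a non-standard port, with any source that probes the standard ports blocked from then on), sketched as an added example that is not part of the thread. The port numbers, the log format and the `PortGuard` name are assumptions made for illustration, and the log lines are constructed.

```python
"""Added example: block any source that touches a decoy (standard) port."""
from dataclasses import dataclass, field

# Assumptions for illustration: the real service listens on a non-standard
# port, and nothing legitimate ever connects to the standard ports below.
SERVICE_PORT = 40022
DECOY_PORTS = frozenset({21, 22, 23, 25, 80, 443, 3389})

# Constructed sample log: "<epoch-seconds> <source-ip> <destination-port>"
SAMPLE_LOG = """\
1700000000 198.51.100.7 40022
1700000005 203.0.113.9 22
1700000006 203.0.113.9 23
1700000030 203.0.113.9 40022
1700000040 192.0.2.44 40022
1700000050 not-a-valid-line
1700000060 198.51.100.7 40022
"""

@dataclass
class PortGuard:
    blocked: dict = field(default_factory=dict)  # source -> time first blocked

    def decide(self, ts: int, src: str, port: int) -> str:
        if src in self.blocked:
            return "drop"              # source is already blocked
        if port in DECOY_PORTS:
            self.blocked[src] = ts     # first touch of a decoy port blocks the source
            return "drop"
        if port == SERVICE_PORT:
            return "accept"
        return "drop"                  # default deny for every other port

def replay(log: str):
    """Replay a log and return (blocked sources, per-connection decisions)."""
    guard, decisions = PortGuard(), []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or not (parts[0].isdigit() and parts[2].isdigit()):
            continue                   # skip malformed lines
        ts, src, port = int(parts[0]), parts[1], int(parts[2])
        decisions.append((src, port, guard.decide(ts, src, port)))
    return guard.blocked, decisions

if __name__ == "__main__":
    blocked, decisions = replay(SAMPLE_LOG)
    for src, port, verdict in decisions:
        print(f"{src:15} -> {port:<5} {verdict}")
    print("blocked sources:", blocked)
```

A source that only ever contacts the service port is never flagged by this logic, so it works as one layer on top of authentication and patching rather than as a replacement for them.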

mu53|1 year ago

I think the scenario that security through obscurity fails is when the end user is reliant on guarantees that don't exist.

For example, Intel's Management Engine: it was obscured very well. It wasn't found for years. Eventually people did find it, and you can't help but wonder how long it took for bad actors with deep pockets to find it. It's this obscured cubby hole in your CPU, but if someone could exploit it, it would be really difficult to find out because of Intel's secrecy on top of the feature.

nkmskdmfodf|1 year ago

> Security through obscurity is highly effective.

If you say so.

> Think of some common sense physical analogies: a hidden underground bunker is much less likely to be robbed than a safe full of valuables in your front yard. A bicycle buried deeply in bushes is less likely to be stolen than one locked to a bike rack.

That's not what security through obscurity is. If you want to make an honest comparison - what is more likely to be secure - an open system built based on the latest/most secure public standards, or a closed system built based on (unknown)? The open system is going to be more secure 99.999% of the time.

> Without obscurity it is straightforward to know exactly what resources will be required to break something- you can look for a flaw that makes it easy and/or calculate exactly what is required for enough brute force.

The whole point of not relying on obscurity is that you design an actually secure system even assuming the attacker has a full understanding of your system. That is how virtually all modern crypto that's actually secure works. Knowing your system is insecure and trying to hide that via obscurity is not security.

> it becomes nearly impossible to even identify that there is something to attack

That's called wishful thinking. You're conflating 'system that nobody knows about or wants to attack' with 'system that someone actually wants to attack and is defending via obscurity of its design'. If you want to make an honest comparison you have to assume the attacker knows about the system and has some motive for attacking it.

> but in most cases I think simple obscurity is more powerful and requires less resources than non obscure strength based security.

Except obscurity doesn't actually give you any security.

> I’ve managed public servers that stayed uncompromised without security updates for a decade or longer using obscurity: an archaic old Unix OS of some type that does not respond to pings or other queries, runs services on non-standard ports, and blocks routes to hosts that even attempt scanning the standard ports will not be compromised.

That's a laughably weak level of security and does approximately ~zero against a capable and motivated attacker. Also, your claim of 'stayed uncompromised' is seemingly based on nothing.

ghostpepper|1 year ago

This is a common saying but in reality, security through obscurity is widely deployed and often effective.

More pragmatic advice would be to not rely solely on security through obscurity, but rather to practice defence in depth.

nkmskdmfodf|1 year ago

Security by insecurity is also 'widely deployed and often effective'.

bilekas|1 year ago

Obfuscation is not security. So there can't be "security through obscurity".

Widely deployed doesn't mean it's a positive action, and effective? It just can't be as it's not a security. People really need to pay more attention to these things, or else we DO get nonsense rolled out as "effective".

Tagbert|1 year ago

Where did you come up with “security through obscurity” in that previous comment? It said nothing about using an obscurity measure. He was talking about hardware based privacy features.

MediumOwl|1 year ago

> Second, security through obscurity is almost universally discouraged and considered bad practice.

This is stupid advice that is mindlessly repeated. Security by obscurity only is bad, sure. Adding obscurity to other layers of security is good.

Edit: formatting

meibo|1 year ago

No, that's just plain wrong in this case. It makes proper security research much harder and what's going on with your hardware less obvious.

nkmskdmfodf|1 year ago

Nah, you have no idea what you're talking about.

kvakkefly|1 year ago

What do you mean by considered bad practice? By whom? I would think this is one of the reasons that my Macs since 2008 have just worked without any HW problems.