Thursday, September 13, 2012

Obscurity and Security

People keep confusing obscurity with security. I was having a discussion with some CS guy and he was having trouble getting the idea of security. His idea was that if you are able to hide a thing, it is secure. Actually, by doing that an object becomes obscure, not secure.

So here is my small explanation:
Obscurity is when you hide stuff so that people won't be able to get it in one shot. But once someone knows where or how it is obscured, the obscurity vaporizes. It's no longer 'secure'. Security is different. In security, you 'secure' the object using some mechanism, and you provide the details of the mechanism: you disclose how the whole system works. You just need to keep some parameter(s) (inputs or keys) secret, which will allow you to access the object. If the object can't be retrieved without the parameter, it is secure!
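
The difference can be shown in a few lines of Python. This is an added example, not code from the original post; the function names and the sample data are made up for illustration. The keyed part uses HMAC-SHA256 from the standard library as a stand-in construction; a real system would use a vetted authenticated cipher.

```python
import base64, hashlib, hmac, secrets

# Obscurity: the mechanism itself is the only "secret".
def obscure(data: bytes) -> bytes:
    return base64.b64encode(data[::-1])  # keyless: reverse, then base64

def deobscure(blob: bytes) -> bytes:
    # Anyone who learns the mechanism runs it backwards; no secret is needed.
    return base64.b64decode(blob)[::-1]

# Security: every line below can be published; only `key` stays secret.
def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Keystream = HMAC-SHA256 over nonce||counter (illustrative construction).
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, data: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, data)
    # Layout: nonce (16) || ciphertext || tag (32), tag covers nonce and ciphertext.
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

def demo():
    doc = b"constructed sample: vault combination 12-34-56"
    key = secrets.token_bytes(32)
    # Knowing the mechanism alone is enough to undo obscurity.
    obscurity_broken = deobscure(obscure(doc)) == doc
    sealed = seal(key, doc)
    try:
        # Same public mechanism, but a guessed key: retrieval fails.
        unseal(secrets.token_bytes(32), sealed)
        opened_without_key = True
    except ValueError:
        opened_without_key = False
    return obscurity_broken, opened_without_key, unseal(key, sealed) == doc

if __name__ == "__main__":
    print(demo())
```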
