that is Security through Obscurity which is a bad thing to rely on.

You've stumbled across a pet peeve of mine. Despite what Elias Levy preaches unto the masses, "Security through Obscurity" is not a bad thing.

Consider a basic staple of security, the username/password combination. This is obscurity. You are betting that someone will not guess that combination. Granted, you should restrict access to certain hosts, have layers of security, proper logging to detect password cracking and other bad stuff, blah blah blah, but if someone guesses all your 14-character lowercase uppercase alphanumeric passwords (with that exclamation mark at the end, yes I know ;) on the first shot, you're probably screwed.

There is nothing wrong with this though; security is just playing the odds, and chances are, if you pick good passwords and follow some basic practices, your system will be compromised via some other method :).

I should also note that many people, possibly including you, might say I'm bending the meaning of the term a bit. They only use the term "Security through Obscurity" to refer to the belief that if the details of a system are not made publicly available the system will be more secure. People who hold this belief sometimes also suggest that vulnerability details should be restricted to vendors and a small number of people. While I do believe that giving too much information out does make it more likely that your system will be compromised, I do not believe restricting vulnerability disclosure would be a good idea. Giving a little notice to the vendor is polite though.


In reply to Re: Re: How secure is XOR encryption? by cjf
in thread How secure is XOR encryption? by talexb
