What is "security through obscurity"

Security Through Obscurity (STO) is the belief that a system of any sort can be secure so long as nobody outside of its implementation group is allowed to find out anything about its internal mechanisms. Hiding account passwords in binary files or scripts with the presumption that "nobody will ever find it" is a prime case of STO.

STO is a philosophy favoured by many bureaucratic agencies (military, governmental, and industrial), and it used to be a major method of providing "pseudosecurity" in computing systems.

Its usefulness has declined in the computing world with the rise of open systems, networking, greater understanding of programming techniques, as well as the increase in computing power available to the average person.

The basis of STO has always been to run your system on a "need to know" basis. If a person doesn't know how to do something which could impact system security, then s/he isn't dangerous.

Admittedly, this is sound in theory, but it can tie you into trusting a small group of people for as long as they live. If your employees get an offer of better pay from somewhere else, the knowledge goes with them, whether the knowledge is replaceable or not. Once the secret gets out, that is the end of your security.

Nowadays there is also a greater need than ever before for the ordinary user to know details of how your system works, and STO falls down as a result. Many users today have advanced knowledge of how their operating system works, and because of their experience they will be able to guess at the bits of knowledge that they didn't "need to know". This bypasses the whole basis of STO, and makes your security useless.

Hence there is now a need to create systems which attempt to be algorithmically secure (Kerberos, Secure RPC), rather than just philosophically secure. So long as your starting criteria can be met, your system is LOGICALLY secure.

"Shadow Passwords" (below) are sometimes dismissed as STO, but this is incorrect, since (strictly) STO depends on restricting access to an algorithm or technique, whereas shadow passwords provide security by restricting access to vital data.
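As an added illustration (not part of the original FAQ) of the two points above, the "password hidden in a script" case and the shadow-password distinction: a constructed deploy script that hides a credential the STO way is recovered by a plain byte scan of the file, while a shadow-style entry keeps the algorithm public (PBKDF2-SHA256 here, chosen for the demo) and protects only the stored data. The script contents, pattern and function names are assumptions for this example.

```python
import hashlib
import hmac
import os
import re

# Constructed sample: a deploy script that "hides" a credential the STO way.
# Anyone who can read the file (or the binary it is compiled into) reads the secret.
STO_SCRIPT = b"""#!/bin/sh
# nobody will ever find this
DB_PASS='hunter2-prod'
mysql -u app -p"$DB_PASS" inventory < nightly.sql
"""

# Detection: a credential-looking assignment inside shipped files. The pattern
# is an assumption for the demo, not an exhaustive secret scanner.
CRED_PATTERN = re.compile(
    rb"(?i)([A-Z_]*(?:pass(?:word)?|secret|token)[A-Z_]*)\s*=\s*['\"]([^'\"]+)['\"]"
)


def find_embedded_secrets(blob: bytes) -> list:
    """Return (name, value) pairs that look like embedded credentials."""
    return [(m.group(1).decode(), m.group(2).decode())
            for m in CRED_PATTERN.finditer(blob)]


# Shadow-password style: the verification algorithm is public; security rests
# on restricting read access to the stored entry, not on hiding the method.
def make_shadow_entry(password: str, iterations: int = 200_000) -> str:
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"$pbkdf2-sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_shadow_entry(entry: str, password: str) -> bool:
    """Recompute the hash from the public parameters and compare in constant time."""
    _, scheme, iterations, salt_hex, dk_hex = entry.split("$")
    if scheme != "pbkdf2-sha256":
        raise ValueError("unsupported scheme")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
```

Even if the shadow entry leaks, the attacker holds a salted hash rather than the password, and the verification code can be published without weakening it.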