Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Security through obscurity
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{short description|Reliance on design or implementation secrecy for security}} [[File:Security through obscurity hiding a key on a car tyre.jpg|thumb|alt=A key on a car tyre of a car|Security through obscurity should not be used as the only security feature of a system.]] In [[security engineering]], '''security through obscurity''' is the practice of concealing the details or mechanisms of a system to enhance its security. This approach relies on the principle of [[Cypherpunk#Hiding the act of hiding|hiding something in plain sight]], akin to a magician's [[sleight of hand]] or the use of [[camouflage]]. It diverges from traditional security methods, such as physical locks, and is more about obscuring information or characteristics to deter potential threats. Examples of this practice include disguising sensitive information within commonplace items, like a piece of paper in a book, or altering digital footprints, such as [[user agent spoofing|spoofing a web browser's version number]]. While not a standalone solution, security through obscurity can complement other [[Operations security|security measures]] in certain scenarios.<ref>{{Cite book |last=Zwicky |first=Elizabeth D. |url=https://books.google.com/books?id=Q0ErhHGxNWcC |title=Building Internet Firewalls: Internet and Web Security |last2=Cooper |first2=Simon |last3=Chapman |first3=D. Brent |date=2000-06-26 |publisher="O'Reilly Media, Inc." |isbn=978-0-596-55188-9 |language=en}}</ref> Obscurity in the context of security engineering is the notion that information can be protected, to a certain extent, when it is difficult to access or comprehend. This concept hinges on the principle of making the details or workings of a system less visible or understandable, thereby reducing the likelihood of unauthorized access or manipulation.<ref>Selinger, Evan and Hartzog, Woodrow, Obscurity and Privacy (May 21, 2014). Routledge Companion to Philosophy of Technology (Joseph Pitt & Ashley Shew, eds., 2014 Forthcoming), Available at SSRN: <nowiki>https://ssrn.com/abstract=2439866</nowiki></ref> Security by obscurity alone is discouraged and not recommended by standards bodies.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)