• bastian_5@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    4
    ·
    1 year ago

    Technically all security is only possible through obscurity. If everyone had your private key, it would no longer be secure because it is no longer obscure.

    • Dark Arc@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      1 year ago

      That’s not what this means at all. Security by obscurity is referencing software that itself has secret pieces that are (to the software authors) “security features” which are only secure so long as their implementation details remain secret.

      Software using a key is not security by obscurity, knowing that a key is used by the software does not result in the application being compromised.

      Software that uses one secret key for all users embedded in the binary is security by obscurity.

      • bastian_5@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I thought it was referring to something being secure because few people are using it, so nobody is targeting it.

    • GNU Dude@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Every single time I recommend Signal to anyone, I get told, that WhatsApp already has E2EE and that there is no reason to switch because of that. Like, give me the proof the keys aren’t sent to Facebook man.

  • KrisND@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    1 year ago

    🤫 “It’s not used in the wild…yet.”

    Also, made me think about how micosoft has applied this to their settings. The microsoft account settings are horrible.