Talk:security through obscurity

Request for deletion
Computer security (2) + through (prep. 4) + obscurity (2) doesn't appear idiomatic to me. —Michael Z. 2010-04-15 19:54 z 
 * Delete. Yet another waste of user/contributor time, energy, and bandwidth. Delete seems to have been another ill-informed snap judgment by me. DCDuring TALK 21:02, 15 April 2010 (UTC)
 * It is idiomatic because this specific rhyming phrase is common, and used as a unit, among computer scientists. We have dozens of pseudo-idiomatic phrases that are far less worthy of an entry than this. Equinox ◑ 23:12, 15 April 2010 (UTC)
 * keep, "security through obscurity is not security" security through obscurity"&f=false - as Equinox says, it's a unit that denotes a specific meaning. It may be citable as hyphenated, it's often used in quotes around the three words. I'm not sure exactly how we prove its idiomaticity though. Conrad.Irwin 23:21, 15 April 2010 (UTC)
 * It seems more like a catchphrase than a true idiom. It's meaning seems clear given the context. I don't see how we would help users by having it. As a translation target?
 * CI: Any phrase, idiomatic or not, denotes a specific range of possible meanings.
 * Eq: The rhyme may account for why it is a catchphrase. But, rhyme-shmyme, not all somewhat-commonly-used rhyming collocations are idioms that meet CFI. I wouldn't mind reviewing other possibly weak entries among our purported idioms. We may have gotten rid of some of the worst, but chaff remains. DCDuring TALK 00:32, 16 April 2010 (UTC)
 * Keep. Commonly used set phrase in computing security books and articles. I've added a second definition, specific to cryptography, that of relying on an opponent's ignorance of a security system or cipher as a means of protecting the system. This might need a usage note to the effect that the term is normally used by critics, rather than proponents.--Dmol 07:01, 16 April 2010 (UTC)
 * Keep, as a context specific term, it's more than the sum of its parts. Mglovesfun (talk) 10:50, 16 April 2010 (UTC)


 * Really a separate sense? Here's a book that gives both kinds of examples, and neatly includes them in the definition “all methods of security in which the strength of the security relies on a secret that is kept secret only by chance.” —Michael Z. 2010-04-18 23:33 z 
 * There is a definite need for a separate definition. Cryptography and computing are different things, with crytography having been around for 2,000 years. The basic criticism of security through obscurity was laid out in the 19th century as one of Kerckhoffs' principles, which summed it up as - a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.--Dmol 00:28, 19 April 2010 (UTC)


 * This term doesn't mean different things in cryptography and computer security. (Arguably, computer security overlaps cryptography anyway: cf. Cryptography, Intro.) —Michael Z. 2010-04-24 19:21 z 
 * There is a major difference. The first definition implies that it is know that a system has faults, but they will be hidden to obtain (or attempt to abtain) security.  The second definition implies (mistakenly) that there are no vulnerabilities because the system is secret.--Dmol 08:59, 25 April 2010 (UTC)

And security by obscurity? —Michael Z. 2010-04-18 22:59 z 

Can someone explain why they consider this idiomatic? (Equinox's reasons don't seem to answer that.) Why the idiomatic label? Although often found in the context of computer security, it only has its literal meaning. It's common because it is self-explanatory. —Michael Z. 2010-04-18 23:23 z 


 * Per hydrostatic pressure relief system, the concept is a general one, but it refers to a specific thing. I'd argue the same for soccer ball, soccer + ball tells you what it does, it doesn't tell you what it is. Mglovesfun (talk) 08:43, 19 April 2010 (UTC)


 * Actually, neither is a specific thing. An “HPRS” (12 occurrences in G Books) is any system used to relieve hydrostatic pressure, often in a building foundation, but also in any other context where one encounters hydrostatic pressure and needs to relieve it: mechanical hydraulics, or mining excavation. Security by obscurity is any security that is by obscurity. I could trot this old horse out if I found my neighbour camouflaging his front door instead of putting a proper lock on it. —Michael Z. 2010-04-24 19:21 z 
 * Isn't that the point, you could use this phrase to refer to the concept (its "name" if you like), or you could explain it more verbosely. I imagine you'd get funny looks if you went around talking about your neighbours new "security through opacity" approach (of the 5 google hits, 2 are jokes on obscurity, and 1 is immediately corrected). I think there is evidence that authors consider this phrase to be one lexical unit, you can find it in quotation marks, and hyphenated. Conrad.Irwin 18:19, 26 April 2010 (UTC)


 * I'd accept a hyphenated attributive use as evidence. Thanks. —Michael Z. 2010-04-29 20:43 z 
 * kept. Added one, more could be added to the hyphenation's page. Conrad.Irwin 19:57, 30 April 2010 (UTC)