Security through obscurity


Kindly be reminded that the recommended answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications. 

This post is the justification of the Cryptography Practice Question. The recommended answer is A, Task a development team member to develop the application code utilizing a standard cipher that is openly reviewed and certified.

Developing a cryptographic module in-house, or using one that has not been publicly reviewed and certified, is a proprietary cryptographic solution. It is a form of “security through obscurity,” which does not follow Kerckhoffs’s principle or Shannon’s maxim.

Kerckhoffs’s principle and Shannon’s maxim are widely embraced by cryptographers, as following them is believed to be more effective and secure than “security through obscurity.”

FIPS 140-2, Federal Information Processing Standard (FIPS) Publication 140-2, is a U.S. government computer security standard used to approve cryptographic modules. This standard specifies the security requirements that will be satisfied by a cryptographic module. FIPS 140-2 defines four levels of security, simply named “Level 1” to “Level 4”. It does not specify in detail what level of security is required by any particular application.

