Actually it is obfuscation but that is not a bad thing.
Obfuscation has a bad rap but people don't actually understand it, and you see that here.
The difference between "regular" obfuscation and this randomization system is that in a regular way, /someone/ is going to know the answer, whereas with randomization, no one really knows.
It is like letting someone chase you forever. Also, if every guess comes at high risk, the probability of someone ever attempting it goes down considerably. Personally I would use this technique if I had no other recourse, but not in a normal system or situation where I would be confident enough to trust other measures.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Re: IMO you can't solve security by adding more stuff
Date: 2016-03-30 07:35 am (UTC)Obfuscation has a bad rap but people don't actually understand it, and you see that here.
The difference between "regular" obfuscation and this randomization system is that in a regular way, /someone/ is going to know the answer, whereas with randomization, no one really knows.
It is like letting someone chase you forever. Also, if every guess comes at high risk, the probability of someone ever attempting it goes down considerably. Personally I would use this technique if I had no other recourse, but not in a normal system or situation where I would be confident enough to trust other measures.