>>54413421
Because they can't pull it right out of your brain. Yet.

>>54413421
I know you're retarded but when someone says that security by obscurity is bad they mean that an algorithm which is obscure does not mean that it is secure.

>>54413421
lol, good one.

That's why two-step verification is important. Something you know and something you have.

>>54413530
And in the future perhaps something you are.

File: 1461743024830.jpg (99 KB, 648x823) Image search: [Google]

99 KB, 648x823

>>54413545
>you must be this gay to use osx

>>54413483
what is rubber hose cryptanalysis

>>54413684
Imagine the possibilities.

>>54413421
There's nothing wrong with security by obscurity.

What's wrong is if t hat's the only thing you rely on. If you have an actually secure system/algorithm, but are also use obscurity, that's fine. Because if the obscurity is broken, you still have a technically sound system to fall back on.

The goal is to require as little to be a secret as possible. The driving idea is Kerckhoffs's principle.
https://en.wikipedia.org/wiki/Kerckhoffs's_principle

>A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

>>54414987
While that's true in theory, in practice, the value of public vetting tends to outweigh the value of obscurity. It's why companies have been moving towards FOSS crypto libraries, and bug bounty programs instead of litigating researchers the way they used to.