Security By Obscurity — a New Theory
mikejuk writes "Kerckhoffs' Principle suggests that there is no security by obscurity — but perhaps there is. A recent paper by Dusko Pavlovic suggests that security is a game of incomplete information and the more you can do to keep your opponent in the dark, the better. In addition to considering the attacker's computing power limits, he also thinks it's worth considering limits on their logic or programming capabilities (PDF). He recommends obscurity plus a little reactive security in response to an attacker probing the system. In this case, instead of having to protect against every possible attack vector, you can just defend against the attack that has been or is about to be launched."
Vast majority of DRM schemes are broken, and I think it says something about security through obscurity....
Yet, though VideoGuard salletite/cable TV drm scheme remain unbroken for 8 years, despite the fact that is very popular and really sucks (you need their set-top-box to view it)
and its really frightening that one day they will create a scheme that can't be broken....