Come on, now I'm starting to suspect you're commenting in bad faith. Just to rei... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		omginternets on June 7, 2016 \| parent \| context \| favorite \| on: Obscurity Is a Valid Security Layer Come on, now I'm starting to suspect you're commenting in bad faith. Just to reiterate, SSH was an example of the general problem that is misconfigured/buggy software. OpenSSH is certainly one of the most secure programs I'm aware of, but the same can't be said for things like wordpress. Eventually, something gets messed up (if only momentarily), and being nonstandard makes you less susceptible to scripted breaches. We can debate whether the tradeoff is worthwhile (and in many cases it's not), but it's a valid gosh-darn secruity layer!

tptacek on June 8, 2016 [–]

If you can't deploy passwordless SSH, you have problems port-knocking can't solve.

omginternets on June 8, 2016 | [–]

I'm at a loss for words. I implore you to re-read this comment thread and try to understand what I'm saying.

You're responding to an argument I haven't made.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact