nelz wrote: how do you work that out? A great big locked door is not obscure, a small door with a poor lock hidden behind a curtain is the physical equivalent of security through obscurity.
The point of that quote, which I first heard from a cryptography professional, is that it is important for all affected to know that the method of securing the data really is secure. Millions of people know how PGP works, but not one of them has cracked it when used with a secure key.
So we descend to playing with meanings. If a message is encrypted and needs a private key to read it, does that encryption "obscure" the message? In my book, sure it does.
I used the phrase "Security through obscurity" with one meaning in mind, you replied with a more restricted meaning in mind.
For example I would regard a private encryption key as "obscured" because that's what "private" means. You would presumably say that you weren't referring to that, but to the more general software algorithm.
Many an encryption procedure has remained uncracked only because it was obscure. Of course, to ensure success the obscurity must not be compromised. But there are ways of reducing that risk.
Of such joys are flawed security arrangements made - whether or not you have a tame cryptographer on hand to trot out his favourite dogma. As you rightly point out, this is not a good approach for most Internet-facing software.