Security by obscurity does not work, because people are only so creative up to a point. Hence, there are only handful of configurations for the attacker to try out.
This contrasts to e.g. 128-bit secure encryption, which involves trying 2^128 times to break it - which is a number with whopping 38 zeros. It takes 10^22 years to break it with trying at 1GHz rate. It is simply incomparable, and adding a few bits of security by obscure combination is simply not worth it.
Yet, so many people and organizations seem to prefer obscurity to actual security.
Security by obscurity does not work, because people are only so creative up to a point. Hence, there are only handful of configurations for the attacker to try out.
This contrasts to e.g. 128-bit secure encryption, which involves trying 2^128 times to break it - which is a number with whopping 38 zeros. It takes 10^22 years to break it with trying at 1GHz rate. It is simply incomparable, and adding a few bits of security by obscure combination is simply not worth it.
Yet, so many people and organizations seem to prefer obscurity to actual security.