> I see this being claimed a lot, but isn’t all security by obscurity at the end of the day?
I Do Not Think It Means What You Think It Means [1].
To elaborate, the concept is not formal/mathematical, it's a design concept. You can distinguish between a security implementation that explicitly depends on a secret key or password, and an implementation that implicitly relies upon secret implementation details for its security. The latter is not intentionally designed as a carefully-controlled secret, and therefore much easier to accidentally leak.
You are right, I did, but I think so does the parent of my original reply.
The GP of the original reply said "Randomise your bucket names" and the parent said this is "Security by obscurity".
The point I was trying to make, was that using a random name, as the GP suggested, is as good as using some kind of security with a password of the same strength.
Assuming there is no way for somebody to get a list of all the buckets, and therefore not having to "guess" the name.
But yeah, it has nothing to do with security through obscurity. Sorry.
I Do Not Think It Means What You Think It Means [1].
To elaborate, the concept is not formal/mathematical, it's a design concept. You can distinguish between a security implementation that explicitly depends on a secret key or password, and an implementation that implicitly relies upon secret implementation details for its security. The latter is not intentionally designed as a carefully-controlled secret, and therefore much easier to accidentally leak.
[1] https://en.wikipedia.org/wiki/Security_through_obscurity