If there is anywhere obscurity shouldn’t apply, it’s in cryptography because crypto needs to be open, tested, and truly secure, Roger Grimes writes. “But I argue that obscurity can even play a role here,” he argues in Can obscurity make cryptography better? And Grimes gives three examples: salting password hashes, hiding crypto and hiding crypto keys. “I can think of many more examples when adding obscurity to cryptography adds some additional value. Security is rarely a binary decision and we diminish the discussion when we completely discount the value of obscurity.” Security