![[Home]](http://www.bayleshanks.com/cartoonbayle.png)
i read something once that suggested that when it's likely that the securing entity will be able to catch and punish an attacker who fails, then it may be optimal to keep the methods of security secret; but when an attacker can execute failing attacks without penalty, then it makes sense to openly publish the methods of security, keeping secret only a few designated parts (such as passwords).
todo: find that article
