I read that,
> The strength of encryption is determined by the algorithm used, length of the key, and - most importantly - how well the server key is secured: if the server key is hard-coded into the server implementation and that code is then open-sourced...

It's essential to secure a server key. But I wonder if there's any advantage of "hiding" (maybe through using an environment variable) the algorithm used to generate a key?
Or is the advantage gained in hiding these details too small to be relevant?

> But I wonder if there’s any advantage of “hiding” (maybe through using an environment variable) the algorithm used to generate a key?

That would be a kind of 'Security through obscurity', which is generally regarded as being a false security at best, and actively harmful [at worst](https://security.stackexchange.com/a/24455).
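
An added illustration of the exchange above, not code from the thread or from the project being quoted: the algorithm is a public constant in the source, and only the key is secret, read from an environment variable and rejected if missing or too short. The variable name `SERVER_KEY_HEX`, the choice of HMAC-SHA256 and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import math
import secrets

# Public by design: anyone reading the source may know these (assumed choices).
ALGORITHM = "sha256"
KEY_ENV_VAR = "SERVER_KEY_HEX"  # hypothetical variable name
MIN_KEY_BYTES = 32


def load_server_key(environ):
    """Read the secret key from the environment; fail closed if missing or weak."""
    raw = environ.get(KEY_ENV_VAR)
    if raw is None:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set")
    try:
        key = bytes.fromhex(raw)
    except ValueError as exc:
        raise RuntimeError(f"{KEY_ENV_VAR} is not valid hex") from exc
    if len(key) < MIN_KEY_BYTES:
        raise RuntimeError(f"{KEY_ENV_VAR} must hold at least {MIN_KEY_BYTES} bytes")
    return key


def sign(key, message):
    """HMAC the message with the secret key and the publicly known algorithm."""
    return hmac.new(key, message, ALGORITHM).hexdigest()


def verify(key, message, tag):
    """Constant-time comparison of the expected tag against the supplied one."""
    return hmac.compare_digest(sign(key, message), tag)


def secrecy_bits(key, hidden_algorithm_choices):
    """Return (bits of secrecy from the key, bits from hiding the algorithm)."""
    return len(key) * 8, math.log2(hidden_algorithm_choices)


if __name__ == "__main__":
    env = {KEY_ENV_VAR: secrets.token_hex(32)}  # constructed sample environment
    key = load_server_key(env)
    tag = sign(key, b"hello")
    print(verify(key, b"hello", tag))
    # Hiding which of the guaranteed hashlib algorithms is in use adds only a few bits.
    print(secrecy_bits(key, len(hashlib.algorithms_guaranteed)))
```

`secrecy_bits` puts the two side by side: a 32-byte key contributes 256 bits, while concealing which of 16 candidate algorithms is in use contributes 4.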