Hiding the algorithm used when generating a token?
add tag
Pax 
I read that,

> The strength of encryption is determined by the algorithm used, length of the key, and - most importantly - how well the server key is secured: if the server key is hard-coded into the server implementation and that code is then open-sourced...
> 
> https://stackoverflow.com/a/61099851

It's essential to secure a server key. But I wonder if there's any advantage of "hiding" (maybe through using an environment variable) the algorithm used to generate a key?

Or is the advantage gained in hiding these details too small to be relevant?
Top Answer
Jack Douglas 
> But I wonder if there’s any advantage of “hiding” (maybe through using an environment variable) the algorithm used to generate a key?

That would be a kind of 'Security through obscurity', which is generally regarded as being a false security at best, and actively harmful [at worst](https://security.stackexchange.com/a/24455).
comments
transcript

Enter question or answer id or url (and optionally further answer ids/urls from the same question) from

Separate each id/url with a space. No need to list your own answers; they will be imported automatically.