Yes, we like to have all of the secrecy condensed in secret key(s).
On the other hand, there's "defense in depth" too. Just in case we made a mistake, let's not make it any easier on the hacker then we need to.
Social hacking in particular (gaining access to employee, who has access to local network, which has access to server X, which connects to the database...) can be assisted by inside information.
On the other hand, there's "defense in depth" too. Just in case we made a mistake, let's not make it any easier on the hacker then we need to.
Social hacking in particular (gaining access to employee, who has access to local network, which has access to server X, which connects to the database...) can be assisted by inside information.