My point is that if you set up a master key in the fashion described, such that thousands of people have access to it and it's basically impossible to change, that key becomes part of the system, rather than being a separate key. It becomes part of "how the lock works".

To quote Kerckhoffs's principle, which Wikipedia leads me to believe is the basis of the whole concept of security through obscurity:

"Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents"

Despite the name, this master key is not a "key" in the cryptographic sense. Any system intended to provide security without a key is necessarily relying on security through obscurity.

It's a different sort of "security through obscurity". We all know that many locks (elevators, etc) have a master key -- we see the receptacles every time we ride in such an elevator. The obscure part is not that there IS a master key, but rather its shape.

A master key is the same as a backdoor known to few. Whether you're using a key that fits the lock, or know that 'Joshua' is the superuser's login, it's still a "secret" which only provides protection while it's actually secret. I think it still counts as STO.

Not meaning to start any kind of semantic flame war, but I'm still not convinced.

> Whether you're using a key that fits the lock, or know that 'Joshua' is the superuser's login, it's still a "secret" which only provides protection while it's actually secret.

But isn't the same true about passwords? Aren't passwords secrects providing protection only when they remain unknown?

The problem here lies, IMO, not with secrecy but with the password/key distribution and protection. I could imagine a situation similar to described in the article if an administrator gave server's root password to half of the company staff, hoping that no one leaks it.