[Cryptography] NSA versus DES etc....

Jerry Leichter leichter at lrw.com
Thu Oct 2 11:35:46 EDT 2014


On Oct 1, 2014, at 1:33 PM, ianG <iang at iang.org> wrote:
> One point for:  Suite A and friends, which remains a heavily shared secret.
> 
> One point against:  In this particular place called cryptography, there
> is a frequently repeated aphorism "the enemy knows my algorithm"
> recently attributed as Shannon's maxim and historically as Kerckhoffs'
> 2nd Principle.
One can read way too much into this rule.  There's a countervailing principle:  Defense in depth.  Your data is protected (a) by the secrecy of your algorithm; (b) by the secrecy of your code.  The enemy needs *both* to read your data.  Why give him one for free?

Granted, the algorithm lives much longer and is much more widely distributed than any given key.  So in your analyses you're going assume that the probability of the algorithm leaking is much higher than that of any given key being lost.  But that doesn't change the basic assumption needed for defense in depth:  That failure of any given level is *independent* of failure of any other level.

NSA has traditionally favored crypto embedded in hardware.  The hardware itself is subject to defense in depth.  It's kept in secure locations, and there are mechanisms for quickly destroying it if it's about to fall into enemy hands.  The hardware itself resists attack.

"The enemy knows my algorithm" is akin to "the enemy will figure out my attack plan".  Yes, you try to keep the attack plan secret.  But it will eventually become clear to the enemy, and you'd better be prepared for what happens when it does.  That doesn't mean you don't do your damnedest to keep the plans secret until the last possible moment.

                                                        -- Jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141002/0bb6c7ab/attachment.bin>


More information about the cryptography mailing list