[Cryptography] crypto standards and principles
John Denker
jsd at av8n.com
Tue Feb 3 17:46:23 EST 2015
On 02/03/2015 12:05 PM, Robert L Wilson wrote:
> I was told years ago that the cryptography group within NSA had as a
> standard that no crypto system could be considered secure unless I
> could give you all the details as to how it works and you still could
> not break it.
That's been the rule since before the NSA was the NSA.
++ The secrecy should be in the keys. In contrast, the
method "should not require secrecy, and it should not
be a problem if it falls into enemy hands."
-- Auguste Kerckhoffs (1883)
++ "In the long run it was more important to secure one's own
communications than to exploit those of the enemy."
-- Frank Rowlett (1942)
++ "The enemy knows the system."
-- Claude Shannon (1949)
The NSA was not created until late 1952. I believe Rowlett
was its Technical Director on Day One.
https://www.nsa.gov/about/cryptologic_heritage/hall_of_honor/1999/rowlett.shtml
Be that as it may ... the NSA still keeps secret the workings
of its own most-advanced systems. AFAICT there are only two
possible explanations for this:
1) They think their best system might get broken if the
adversaries found out how it worked.
2) Many other systems are already broken, and they don't
want unbreakable crypto to fall into the hands of others.
This surely leaves friendly non-top-secret communications
vulnerable, in violation of Rowlett's maxim.
Either way, it's not very flattering to the NSA.
More information about the cryptography
mailing list