[Cryptography] traffic analysis -> let's write an RFC?, and sunlight
Jerry Leichter
leichter at lrw.com
Tue Feb 3 19:35:39 EST 2015
On Feb 3, 2015, at 5:22 PM, Salz, Rich <rsalz at akamai.com> wrote:
>> I was told years ago that the cryptography group within NSA had as a
>> standard that no crypto system could be considered secure unless I could
>> give you all the details as to how it works and you still could not break it.
>
> Kerckhoffs 1883
> Shannon 1949
> -- http://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
>
> Counter-point: the NSA still classifies many of their crypto algorithms.
I've always read this is a matter of defense in depth. Why give your opponents a leg up? If you can keep them in the dark about how the system you're using works, they have a harder time breaking it.
Also ... if the system *really* is secure against attack by anyone, including its maker, when the key is unknown ... why would you hand it to your opponent? He can then use it and keep *you* out.
-- Jerry