[Cryptography] traffic analysis -> let's write an RFC?, and sunlight

Jerry Leichter leichter at lrw.com
Tue Feb 3 19:35:39 EST 2015


On Feb 3, 2015, at 5:22 PM, Salz, Rich <rsalz at akamai.com> wrote:
>> I was told years ago that the cryptography group within NSA had as a
>> standard that no crypto system could be considered secure unless I could
>> give you all the details as to how it works and you still could not break it.
> 
> Kerckhoffs 1883
> Shannon 1949
>      -- http://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
> 
> Counter-point: the NSA still classifies many of their crypto algorithms.

I've always read this is a matter of defense in depth.  Why give your opponents a leg up?  If you can keep them in the dark about how the system you're using works, they have a harder time breaking it.

Also ... if the system *really* is secure against attack by anyone, including its maker, when the key is unknown ... why would you hand it to your opponent?  He can then use it and keep *you* out.

                                                        -- Jerry


