On 05/06/2012 08:02 PM, Jeff L wrote:
> On May 6, 9:18 pm, FireXware <n...@none.invalid> wrote:
>> On 05/06/2012 05:22 PM, Jeff L wrote:
>>
>>> On May 5, 11:12 am, "David Eather" <
eat...@tpg.com.au> wrote:
>>> <snip>
>>> You might understand how and why
>>>> you coded your encryption function a particular way but nobody else will.
>>
>>> Isn't that the idea behind encyrpting something? If the fact that a
>>> cipher isn't based on an algorithm makes it harder to break, isn't
>>> that a good thing?
>>
>> No, see:
http://en.wikipedia.org/wiki/Kerckhoffs's_principle
>
> I'm note trying to be argumentative, but I don't see how anyone knows
> that K's principle is necessarily the gospel truth. Using his
> principle, one of the most famous and effective methods of passing
> coded messages in history would be considered a failure. I'm speaking
> of course about the U.S. using Native Americans to pass messages
> during the WWII.
Relative to our time, they are insecure. That doesn't mean they are/were
useless, it just means we can/should do better. I am not familiar with
that bit of American history, but I think I can safely assume it would
have been more secure to transmit messages over a copper wire encrypted
with AES. History has shown very well that trying to keep the algorithm
secret more often than not leads to failure (Enigma, GSM, etc.)
>
> Part of me understands the theory behind the axiom, and the need for
> the method to still work even if the secret of it is discovered, but
> the other part of me says how different is that than the enemy
> discovering the key instead of the algorithm.
If you COULD keep the algorithm a complete secret (and by complete
secret, I mean that no matter how many chosen plaintexts and chosen
ciphertexts an attacker is able to get, he doesn't learn a single bit
about what the algorithm does), then it could be as secure as keeping a
key secret. The problem with that is it's MUCH harder to keep an
algorithm secret than a key, and when the algorithm is compromised, you
have to design a whole new algorithm instead of just generating another
random key.
For example, if you are communicating with soldiers on the battlefield,
it's very likely that their devices will be captured by the enemies and
analyzed. If your algorithm's security depends on its secrecy, the enemy
can now listen in on your communications. If OTOH, your algorithm has
been public for 10 years and experienced cryptographers have been
putting a lot of effort into trying to break it, you don't have to worry
so much about the enemy capturing the crypto devices. If you keep the
algorithm secret and try to cryptanalyze it yourself, you still have to
worry because the enemy might have better cryptanalysts.