Tuesday, January 14, 2014

Understanding Kerckhoffs's principle

Crypto has been around for thousands of years. Kerckhoffs's principle is a must-know in cryptology. Basically, this principle was first defined by a Dutch cryptographer who said: “The crypto systems can be public information, well known, and fully researched, but yet without the knowledge of the key, the data is 100% secured.”

Okay, how does that apply in today’s world?

Easily. Take anything that we use today, like the widely used AES128 encryption:

  • It's public information/knowledge
  • Source and public papers are available to anybody
  • Open-source code and libraries are common knowledge
  • Openly reviewed and challenged

And yet it’s one of the most secure encryption algorithms in use today, relied on by a lot of individuals, groups, and organizations.

The same can be said about GnuPG encryption.

Publishing encryption algorithms and methods is beneficial for all.

When a new encryption algorithm is created, the authors allow the public to scrutinize the code. This helps in identifying flaws, improvements, and fixes.

Using GnuPG for this example, we know that all of the source code is available for anyone to review and inspect. GnuPG is very secure and highly accepted in the open community.

So, bottom line:

"Keeping the secret a secret is really the big secret in IT security."

Ken Felix
Freelance Network / Security Engineer
kfelix  ----a---t---socpuppets ---d---o---t---com

