Crypto has been around for thousands of years. Kerckhoffs's principle is a must-know in regard to cryptology. Basically, this principle was first defined by a Dutch cryptographer who said: “the crypto systems can be public information, well known, and fully researched, but yet without the knowledge of the key, the data is 100% secured”
Okay, how does that apply in today’s world?
Easily: take anything that we use today, like the widely used AES128 encryption.
- It's public information/knowledge
- Source and public papers are available to anybody
- Open-source code and libraries are common knowledge
- Openly reviewed & challenged
But yet, it’s one of the most secure encryption algorithms in use today, used by a lot of individuals, groups, and organizations.
The above can be said about GnuPG encryption.
Publishing encryption algorithm methods is beneficial for all.
When a new encryption algorithm is created, the authors allow the public to scrutinize the code. This helps in identifying flaws, improvements and fixes.
Using GnuPG for this example, we know that all of the source code is available for anyone to review and inspect. GnuPG is very secure and highly accepted in the open community.
So bottom line:
"keeping the secret a secret is really the big secret in IT security"
Ken Felix
Freelance Network / Security Engineer
kfelix ----a---t---socpuppets ---d---o---t---com
^ ^
=( X X )=
o
/ \