Reputation: 972
Why is it recommended to make crypto algorithms public?
Cryptography books say that you should expose your encryption/decryption algorithm to test it against attacks and cryptanalysis, and the non-exposed algorithm is not considered strong as it is not tested against attacks, but they say also that the security of the cryptographic algorithm depends mainly on the key length and key random distribution to protect it against brute force attack and mathematical analysis of the key.
My question is why do we need to expose our algorithm while it depends mainly on the key length, if my key was long enough and truly randomized, so what is the benefit of knowing the algorithm?
Upvotes: 3
Views: 2170
Answers (2)
Reputation: 21
Fundamental truth of cryptography is that encryption shouldn't rely on keeping the algorithm secret, instead it should depend on the encryption key & only the encryption key.
Imagine this, if everyone used a secret algorithm to encrypt data then the discovery of that algorithm would put the whole world’s data at risk. However, if the encryption key is compromised then it would only risk data that was encrypted with that particular key.
Also, open algorithms are peer reviewed, stress tested and keep on improving with time leaving no scope for malpractices.
Upvotes: 0
Reputation: 262464
The benefit of knowing the algorithm is that you don't have to trust the maker that it is really secure.
If I know that the algorithm being used has been massively tested and peer-reviewed, and the general consensus is that it is secure, then that gives me more confidence in the system.
The opposite approach is called "security to obscurity" and totally depends on no one ever finding out how things work. And if they do (as hackers are wont to), you have a problem.
In theory, it makes no difference if you share the details of your new secure algorithm with anyone else or not. But in practice, that is the only way to find out if it really is secure, and the only way to make others trust your algorithm.
The point is that a secure algorithm can only be attacked by brute forcing (which can be made infeasible with long keys). But not all algorithms are secure. They can be broken with much less effort than brute-forcing keys. If you don't get your algorithm reviewed, we won't believe you that it is secure (and neither should you, brilliant minds have failed at these things before).
Upvotes: 6
Related Questions
- Reasons to use private instead of protected for fields and methods
- Practical applications of homomorphic encryption algorithms?
- Why are hashing algorithms safe to use?
- Why a method must be public?
- Why do so many foss libraries make their classes public and not final?
- When can you trust yourself to implement cryptography based solutions?
- Secret computing: does such an animal exist?
- New cryptographic algorithms?
- Security when source code is public
- Why do you need lots of randomness for effective encryption?