Encryption. Should we hope that the algorithm is unknown to anyone?

K

ksanvat2014-01-12 14:33:59

Encryption

ksanvat, 2014-01-12 14:33:59

There is some information that is encrypted using a symmetric algorithm. So, is it worth hoping that the algorithm is not known to anyone, provided that it will be actively spinning on the server?
PS: do not offer answers like "use existing crypto-resistant algorithms".

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

V

Vladimir Dubrovin, 2014-01-12
@z3apa3a

The security of information should be based only on the knowledge of the key and not depend on whether the algorithm is known or not ( Kerckhoffs Principle , 19th century).

B

bak, 2014-01-12
@bak

No, it's not worth it. This approach is called security through obscurity and is an anti-pattern of cryptography.

B

BearUA, 2014-01-13
@BearUA

The first thing taught in any cryptography course is to NEVER use proprietary or self-written crypto-algorithms or their implementations. Only open-source and hack-tested crypto libraries can guarantee reliability. Given that these libraries are open and free, it is extremely difficult to think of reasons to invent your own bicycles.

S

Spetros, 2014-01-12
@Spetros

Security is related to the value of your data to an attacker. There are techniques for analyzing the cipher for unknown algorithms. In the event of a program code leak, for example, when a server is hacked, the algorithm itself can be restored and analyzed.

A

Andrew, 2014-01-12
@OLS

A well-written substitution algorithm for symmetric encryption does not allow one to figure out the algorithm from the intercepted "plaintext/ciphertext" pairs. As long as the code is not leaked, you can consider the scheme safe.