Secret Algorithms or Secret Keys?

The techniques for achieving security are usually based on a mathematically complex algorithm itself in the public domain or whose underlying logic is in the public domain. This may not matter to youunless you're the one picking the algorithm! In fact, choosing an algorithm can be so daunting that you might not want to do it at all

You might think that a secret algorithm would be the ultimate in security. After all, one of the best kept secrets of World War II was the Enigma machine, which the Germans used to encrypt and decrypt information. It was only after an Enigma machine was captured intact that the Allies were finally able to start decoding messages. This is why you shouldn't use a secret algorithm. Generally, "security through obscurity" is one of the weakest forms of security available as your secret algorithm can be found, reverse-engineered, or leaked. Given the tremendous ongoing improvements in raw computing power, no algorithm is safe from a brute force cracking attempt. A better choice than a secret algorithm is any of the excellent publicly available algorithms. Public algorithms are under continuous scrutiny. In fact, many mathematicians are hoping to make a name for themselves by finding a cracking method that doesn't require brute force (i.e., try every key).

Smart security managers avoid any product or service that uses a secret security algorithm, because it provides no guarantees . On the other hand, secret keys are used all the time and nobody has any issue with them.

It can be tempting to come up with your own encryption algorithm, but it's pointlesseven if your algorithm is significantly better than others, nobody is going to spend time and money to verify that. Use standard algorithms and secret keysuntil quantum computers are readily available, you'll be perfectly safe.

Beyond Software Architecture[c] Creating and Sustaining Winning Solutions
Beyond Software Architecture[c] Creating and Sustaining Winning Solutions
ISBN: 201775948
Year: 2005
Pages: 202 © 2008-2017.
If you may any questions please contact us: