2

Cryptography books say that you should expose your encryption/decryption algorithm to test it against attacks and cryptanalysis, and that a non-exposed algorithm is not considered strong because it has not been tested against attacks. But they also say that the security of a cryptographic algorithm depends mainly on the key length and the random distribution of the key, to protect it against brute-force attack and mathematical analysis of the key.

My question is: why do we need to expose our algorithm when it depends mainly on the key length? If my key is long enough and truly random, what is the benefit of knowing the algorithm?

Michael Petrotta
Dorgham
  • 4
    A *flawless* algorithm is as good (*waves hands*) as the elements you mention. A *flawed* algorithm can be broken with shortcuts that don't require exploring the entire keyspace. Exposing your algorithm will help determine whether or not it's flawed. – Michael Petrotta Mar 31 '13 at 01:40
  • 3
    With cryptography - where presumably important information is locked away - there is no such thing as "security through obscurity". The algorithm may be trivially flawed in ways past a simple hand-waving at "key length". For instance, take a simple XOR algorithm - take a large key-length. Feed in a series of data and observe the output. Crack. Remember that even some industry secure protocols have been proven to be broken - remember [WEP](http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy#Flaws)? –  Mar 31 '13 at 01:42
  • But the point is that the reviewed algorithm is exposed to everyone now, as I understand it, so every hacker knows the algorithm and how to reverse it, which means no difference from my hidden algorithm when hacked. If I misunderstand something, tell me. @pst – Dorgham Mar 31 '13 at 01:57
  • 1
    @MohammadDorgham Thilo already explained it (twice) in reply comments he left on his own answers. –  Mar 31 '13 at 02:01
  • 4
    If you review and understand a flawed algorithm, you might be able to reverse it more easily than you would had you not reviewed it. Understanding a flawless algorithm won't help you reverse it *at all*. Kinda the beauty of (good) crypto. – Michael Petrotta Mar 31 '13 at 02:01

1 Answer

5

The benefit of knowing the algorithm is that you don't have to trust the maker that it is really secure.

If I know that the algorithm being used has been massively tested and peer-reviewed, and the general consensus is that it is secure, then that gives me more confidence in the system.

The opposite approach is called "security through obscurity" and totally depends on no one ever finding out how things work. And if they do (as hackers are wont to), you have a problem.

In theory, it makes no difference if you share the details of your new secure algorithm with anyone else or not. But in practice, that is the only way to find out if it really is secure, and the only way to make others trust your algorithm.

The point is that a secure algorithm can only be attacked by brute forcing (which can be made infeasible with long keys). But not all algorithms are secure. They can be broken with much less effort than brute-forcing keys. If you don't get your algorithm reviewed, we won't believe you that it is secure (and neither should you, brilliant minds have failed at these things before).

Thilo
  • I mean, they expose the proposed algorithm to test it, so it is known now. So what will be the difference when I hide my own algorithm and it was hacked by cryptanalysts who learned its details? In the end it would depend on the key length to prevent brute-force attack and a truly random key to prevent mathematical analysis. – Dorgham Mar 31 '13 at 01:48
  • 3
    No! The point is that a *secure* algorithm can only be attacked by brute forcing (which can be made infeasible with long keys). But not all algorithms are secure. They can be broken with much less effort than brute-forcing keys. If you don't get your algorithm reviewed, we won't believe you that it is secure (and neither should you, brilliant minds have failed at these things before). – Thilo Mar 31 '13 at 01:50
  • But the point is the reviewed algorithm is exposed to everyone now, as I understand it, so every hacker knows the algorithm and how to reverse it. If I misunderstand something, tell me. – Dorgham Mar 31 '13 at 01:54
  • 4
    You know all the details of AES. Now go ahead and break it. If the algorithm is *secure* then you cannot "reverse" it, even if you know all the details. Only knowing the key will help you. That is the definition of a "secure algorithm". – Thilo Mar 31 '13 at 01:55
  • 1
    In theory, it makes no difference if you share the details of a secure algorithm with anyone else or not. But in practice, that is the only way to find out if it really is secure, and the only way to make others trust your algorithm. – Thilo Mar 31 '13 at 01:58
  • I am a beginner in cryptography and don't know the details of AES, but do you mean that the algorithm is designed in a way that cannot be reversed? – Dorgham Mar 31 '13 at 02:01
  • 2
    @Mohammad, if AES is designed well, it'd need to be brute-forced to reverse (assuming you don't have the key, of course). With large keys, that would take a while. Multiple-age-of-the-universe while. – Michael Petrotta Mar 31 '13 at 02:03
  • As a final comment to round things off (and probably add to your confusion), a flawless algorithm itself may not be enough if the key space is too small. Consider MD5. There is no problem with the algorithm at all (I think). But it cannot be used for high-security applications anymore, because modern hardware can just brute-force the thing. So you always need both: A good algorithm, and enough key complexity to make brute-forcing (the only way to attack it) infeasible. – Thilo Mar 31 '13 at 02:07
  • 1
    @Thilo: MD5 actually has [a serious basic algorithmic flaw](http://en.wikipedia.org/wiki/MD5#Collision_vulnerabilities). – Michael Petrotta Mar 31 '13 at 02:11
  • Thanks for the answers and comments from all of you. I accepted the answer after getting the idea from the discussion in the comments, so could you please edit your answer and rephrase all the info in the comments to be in one place for whoever comes after? @thilo – Dorgham Mar 31 '13 at 02:11
  • 1
    @MichaelPetrotta: Ouch. Bad example then. But I think the point still stands. And, of course, good example for how hard it is to make a good algorithm. – Thilo Mar 31 '13 at 02:13
  • 1
    Oh, no kidding there. If anyone is thinking about building their own crypto algorithm, **don't**. Use something already out there. If you *really* want to, go meditate over *Applied Cryptography* in the mountains of Nepal for a decade, *then* maybe consider it. – Michael Petrotta Mar 31 '13 at 02:15
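
The point made in the answer and in the XOR comment above, shown as an added example that is not part of the original thread: a toy repeating-key XOR cipher keyed with a truly random 256-bit key falls to a known-plaintext shortcut that never touches the keyspace. The function names, the sample message and the assumption that the analyst knows the key length and the first 32 bytes of plaintext are all constructed for illustration.

```python
import secrets

def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR cipher (deliberately flawed; encrypt == decrypt)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def recover_key(known_plain: bytes, ciphertext: bytes, key_len: int) -> bytes:
    """Structural flaw: C[i] = P[i] ^ K[i], therefore K[i] = P[i] ^ C[i].

    Assumption: the analyst knows key_len and the first key_len plaintext
    bytes (for example a predictable file or protocol header).
    """
    if len(known_plain) < key_len or len(ciphertext) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return bytes(p ^ c for p, c in zip(known_plain[:key_len], ciphertext[:key_len]))

def demo() -> dict:
    key = secrets.token_bytes(32)  # 256-bit key from the OS CSPRNG

    # Constructed sample message: a predictable header followed by the
    # part the sender actually wants to keep secret.
    header = b"From: alice@example.test\nSubject: "
    body = b"quarterly numbers attached"
    message = header + body

    ciphertext = xor_cipher(message, key)

    # The analyst sees only the ciphertext and guesses the header.
    recovered = recover_key(header, ciphertext, len(key))

    return {
        "key_recovered": recovered == key,
        "message_recovered": xor_cipher(ciphertext, recovered) == message,
        "work_brute_force": 2 ** (8 * len(key)),  # keys to try without the flaw
        "work_shortcut": len(key),                # XOR operations actually needed
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The key length and randomness here are the same as for a 256-bit AES key; only the algorithm differs, which is the property public review is meant to check.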