Since the encryption algorithm is the foundation of most security products, a vendor should be proud to show you their algorithm. Whether it is Triple-DES, Twofish, SERPENT, CAST 256, IDEA or any other open encryption algorithm, a vendor that has something to hide in their algorithm should be questioned. There hardly seems to be a valid reason why any reputable security vendor in 1999, let alone in 2010, would waste their time developing a proprietary algorithm when there are so many efficient and capable publicly available algorithms. Vendors that refuse to reveal their algorithms should be dropped. Keeping an algorithm concealed is no proof of safety. This requirement should be built into RFPs, contracts and the like.

Every organization that uses encryption functionality, be it in hardware or software, should make it the first rule of their encryption selection to avoid any software that uses a secret algorithm. This rule is known as Kerckhoffs' Principle, after Auguste Kerckhoffs, who observed in 1883 that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. The paradox of encryption algorithms is that their true strength only becomes manifest after extensive and critical open peer review. Whoever said that there is no such thing as a free lunch never had encryption algorithms in mind.