
Law 3: No Security Through Obscurity

Ten Laws for Security

Abstract

The robustness of a cryptographic system should rely on the secrecy of its key rather than on the secrecy of its algorithm. As such, a strong assumption is that if an attacker knows the algorithm used, she should gain only a minimal advantage.


Notes

  1. Military Cryptography (in French).

  2. From its inception, DES has resisted an advanced cryptanalysis method called differential cryptanalysis. IBM’s Lucifer was not resistant to this attack. The modifications made DES resistant to differential cryptanalysis. Interestingly, the academic community did not find out about differential cryptanalysis until the late 1980s [154]. In 1994, Don Coppersmith, who was part of the design team of DES, confirmed that the NSA already knew about differential cryptanalysis in 1974 and that they had helped to make DES resistant to this “unknown” attack [155].

  3. DES was not optimized for efficient software implementations. Hardware implementations were straightforward and could be fast, but software implementations were laborious (for instance, due to the use of modulo 32 operations).

  4. One of the designers of the Keccak algorithm, Joan Daemen, is also one of the two designers of the AES.

  5. Depending on the licensing model, there may be some obligation to publish the modifications. For instance, an open source project licensed under GPL3 requires the publication of all derivative works.

  6. Designers of military applications may have a different opinion.

  7. For instance, for the DES algorithm.

  8. Of course, assuming that the method is legal.

Author information

Corresponding author: Eric Diehl.


Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Diehl, E. (2016). Law 3: No Security Through Obscurity. In: Ten Laws for Security. Springer, Cham. https://doi.org/10.1007/978-3-319-42641-9_3

  • DOI: https://doi.org/10.1007/978-3-319-42641-9_3
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-42639-6
  • Online ISBN: 978-3-319-42641-9
