On Information Security — Secrecy

  1. Cryptographic system should be indecipherable: What this means is that the system should be so difficult break that enciphered message will be sufficient to ensure the secrecy. In other words, encrypted message will no longer need to be guarded because the enemy will not be able to retrieve anything meaningful from it. This concept becomes the basis for the security premise of cryptographic systems.
  2. It should not be necessary to keep the system secret: Until then, everything about secret information was supposed to be kept in secret; not only message itself but also its source, destination, and algorithm that generates the secret information. Kerckhoff, however, declared that secrecy of the system should be separate from the secrecy of information. It allowed cryptographic system to be openly exposed to the public.
  3. System should be convenient to use: Kerckhoff argued that the system should be portable, communicable, and applicable so that its operation can be conducted without too much stress. It seems that he obviously considered that this technology should be used more widely than for secret letters of a few lords.
  1. Cryptographic hash function: It is also called one way trapdoor function. The idea was frequently tossed around in as 1970s but its designing principle and practical implementation were given much later. The basic is to first pad the message to make it to a group of uniform length, and apply rounds of symmetric cryptography. The result is fixed-length data that is unique to the input data. As consequence from these characteristics, there are two primary utility of cryptographic hash function: one is standardization and the other is tamper-proof. Standardization comes from the characteristics of fixed-length. It turns every data into a fixed length which saves the space and standardizes the saved data. Tamper-proof means one cannot change the original data that is already passed around. Because it is unique for each input, if anyone change the original data, the result will come out different from the initial data. In the end, however, cryptographic hash function still requires a way to exchange the result in a secure way. For this reason, by itself, either the result or the original needs to be kept in secret.
  2. Steganography: Steganography is often known under the principle of “Security through obscurity”. It can be said that the objective of cryptography is to obfuscate the message. Both sender and receiver of the message knows that cryptography is applied and needs the secret key to read the message. On the other hand, the objective of steganography is to conceal that there is a secret message to begin with. In other words, when one sends a file, one may hide a secret message inside the file. In this case, sender knows that there is a secret message hidden in the file whereas the receive may not even realize that there is a secret message. In addition, it requires a technology to find out the existence of the secret message. The most common usage of steganography is digital watermarks. It could prove the ownership or digital right that cannot be erased unless you are the original sender.




커뮤니티를 만들고 운영합니다

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Data Brokers Operate “Data Removal” Websites (In Secret)

News | Intel TEE Vulnerability CVE-2020–0548/0549 Has Been Fixed

The Looming Security Debt Crisis.

Lebanese Security’s Hacking Shopping List Since 2013

{UPDATE} Solisquare Hack Free Resources Generator

The story of stolen Slovak national Top Level Domain .SK

EOS Multisig Added on BITHD!

How to Build Successful Cryptocurrency Exchange Software

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


커뮤니티를 만들고 운영합니다

More from Medium

58 — Securing DNS with Peter Lowe of DNSFilter

dog is a nice DNS client tool like dig!

Roadmap to the world of networking and network security

Load Balancer