Is Open-Source Cryptography Really Secure?
By Lane Wagner – @wagslane on Twitter

The purpose of cryptography is to keep information private, and the purpose of open-source is to make code public… Danger!

Just kidding. I've been asked this several times by multiple people, so I figured it is a subject worth addressing. Many developers seem to be under the impression that crypto and security systems (the application-specific implementation of cryptosystems) are more secure if their details are kept private. This can't be further from the truth.

According to Kerckhoffs's principle, also known as Shannon's maxim:

The enemy knows the system. One ought to design systems under the assumption that the enemy will immediately gain full familiarity with them.

There are several reasons why this is a good rule to live by. Let's examine each one.

1. Obfuscation Isn't Encryption

If a developer is operating under the assumption that attackers won't know about the det...