If Kerckhoff's Principle holds, why do we need a cipher at all?
I understand Kerckhoff's principle, in a very practical sense, that the best attack that can be performed on a given cryptographic algorithm should be only as practical, if not less practical, than an exhaustive key search, that is, testing every possible key. My question is, if this is the case, then why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
encryption algorithm-design keys
asked 3 hours ago
Will Burghard
211
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I understand Kerckhoff's principle, in a very practical sense, that the best attack that can be performed on a given cryptographic algorithm should be only as practical, if not less practical, than an exhaustive key search, that is, testing every possible key. My question is, if this is the case, then why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
encryption algorithm-design keys
asked 3 hours ago
Will Burghard
211
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
Related questions: one-time pad: Why is it useless in practice and Is modern encryption needlessly complicated?
– Ella Rose♦
3 hours ago
4
Your question is unclear to me; to convert a plaintext and a key (of whatever length) to a ciphertext, you need an algorithm for transformation. That transformation algorithm is called the cipher. Without a cipher, no encryption, full stop. When you say "why not use a ridiculously long key", how do you intend to encrypt the plaintext?
– marcelm
2 hours ago
add a comment |
I understand Kerckhoff's principle, in a very practical sense, that the best attack that can be performed on a given cryptographic algorithm should be only as practical, if not less practical, than an exhaustive key search, that is, testing every possible key. My question is, if this is the case, then why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
encryption algorithm-design keys
asked 3 hours ago
Will Burghard
211
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I understand Kerckhoff's principle, in a very practical sense, that the best attack that can be performed on a given cryptographic algorithm should be only as practical, if not less practical, than an exhaustive key search, that is, testing every possible key. My question is, if this is the case, then why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
encryption algorithm-design keys
encryption algorithm-design keys
asked 3 hours ago
Will Burghard
211
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 3 hours ago
Will Burghard
211
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 3 hours ago
Will Burghard
211
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 3 hours ago
Will Burghard
211
asked 3 hours ago
Will Burghard
211
211
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
Related questions: one-time pad: Why is it useless in practice and Is modern encryption needlessly complicated?
– Ella Rose♦
3 hours ago
4
Your question is unclear to me; to convert a plaintext and a key (of whatever length) to a ciphertext, you need an algorithm for transformation. That transformation algorithm is called the cipher. Without a cipher, no encryption, full stop. When you say "why not use a ridiculously long key", how do you intend to encrypt the plaintext?
– marcelm
2 hours ago
add a comment |
1
Related questions: one-time pad: Why is it useless in practice and Is modern encryption needlessly complicated?
– Ella Rose♦
3 hours ago
4
Your question is unclear to me; to convert a plaintext and a key (of whatever length) to a ciphertext, you need an algorithm for transformation. That transformation algorithm is called the cipher. Without a cipher, no encryption, full stop. When you say "why not use a ridiculously long key", how do you intend to encrypt the plaintext?
– marcelm
2 hours ago
1
1
Related questions: one-time pad: Why is it useless in practice and Is modern encryption needlessly complicated?
– Ella Rose♦
3 hours ago
Related questions: one-time pad: Why is it useless in practice and Is modern encryption needlessly complicated?
– Ella Rose♦
3 hours ago
4
4
Your question is unclear to me; to convert a plaintext and a key (of whatever length) to a ciphertext, you need an algorithm for transformation. That transformation algorithm is called the cipher. Without a cipher, no encryption, full stop. When you say "why not use a ridiculously long key", how do you intend to encrypt the plaintext?
– marcelm
2 hours ago
Your question is unclear to me; to convert a plaintext and a key (of whatever length) to a ciphertext, you need an algorithm for transformation. That transformation algorithm is called the cipher. Without a cipher, no encryption, full stop. When you say "why not use a ridiculously long key", how do you intend to encrypt the plaintext?
– marcelm
2 hours ago
add a comment |
2 Answers
2
active
oldest
votes
...why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
Designing a cipher is significantly less hassle then using a ridiculously long key.
Designing a cipher only needs to be done once by a competent professional.
Using a ridiculously long key would need to be:
- Done by all parties
- "all parties" includes everyone with a networked electronic device
- Almost all of them are not competent professionals
- Requires a pre-existing secure channel, or more likely a face-to-face meeting
- "secure channel" must not use encryption, otherwise the problem is circular
- Done pairwise for each group of communicating parties
- e.g. You have to go through the key establishment process for every particular site you want to visit
- A web site with 1000 users that each have a 1GB key would need to have access to 1TB of reliable, secure storage just to store the key material (that's a small website)
- Done repeatedly
- You will eventually run out of key material
- Your keys could become compromised
- Updating them in a useful time frame will be next to impossible
- Destroyed securely after use
- Re-using any part of the key will lead to a practical lose of confidentiality
- In a practical scenario (e.g. HTTP requests) known-plaintext attacks apply, which will allow trivial recovery of the key
- Re-using any part of the key will lead to a practical lose of confidentiality
It simply would not work in practice. A proper cipher will.
answered 3 hours ago
Ella Rose♦
15k44178
add a comment |
There's a simple maxim that demonstrates otherwise. It's much much harder to make true random numbers/your 'ridiculous' key than it is to make pseudo random numbers.
A cryptographic strength pseudo random number generator can be instantiated at the drop of a hat (or calling a C++ constructor with a seed value). Based on some experience, a clever DIY guy can probably make 10 megabits per second of true random bits. A modern photonics laboratory can do much better, but most don't have access to those resources. Even then, you have the Brobdingnagian problem of distributing the key between parties. If an unexpected party suddenly wants to join the discourse, you're in trouble distributing said key to expand the conversation.
In the last six months, half a billion people visited Britain's BBC website which is served over HTTPS. Based on a recent page download survey suggesting a mean entertainment page size of 1.7MB , Auntie would have to generate > $10^{15}$ bits of key material/year. Many lava lamps would be required. It would take me 22 boring years to generate that much entropy. And ship it out of channel across international boundaries to ill defined transitory recipients. It's logistically impossible.
You've discovered a one time pad. They have practical applications, but only on very limited criteria.
Slight niggle: A one time pad à la random Vernam cipher is still a cipher.
answered 1 hour ago
Paul Uszak
7,01511534
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Will Burghard is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66162%2fif-kerckhoffs-principle-holds-why-do-we-need-a-cipher-at-all%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
...why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
Designing a cipher is significantly less hassle then using a ridiculously long key.
Designing a cipher only needs to be done once by a competent professional.
Using a ridiculously long key would need to be:
- Done by all parties
- "all parties" includes everyone with a networked electronic device
- Almost all of them are not competent professionals
- Requires a pre-existing secure channel, or more likely a face-to-face meeting
- "secure channel" must not use encryption, otherwise the problem is circular
- Done pairwise for each group of communicating parties
- e.g. You have to go through the key establishment process for every particular site you want to visit
- A web site with 1000 users that each have a 1GB key would need to have access to 1TB of reliable, secure storage just to store the key material (that's a small website)
- Done repeatedly
- You will eventually run out of key material
- Your keys could become compromised
- Updating them in a useful time frame will be next to impossible
- Destroyed securely after use
- Re-using any part of the key will lead to a practical lose of confidentiality
- In a practical scenario (e.g. HTTP requests) known-plaintext attacks apply, which will allow trivial recovery of the key
- Re-using any part of the key will lead to a practical lose of confidentiality
It simply would not work in practice. A proper cipher will.
answered 3 hours ago
Ella Rose♦
15k44178
add a comment |
...why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
Designing a cipher is significantly less hassle then using a ridiculously long key.
Designing a cipher only needs to be done once by a competent professional.
Using a ridiculously long key would need to be:
- Done by all parties
- "all parties" includes everyone with a networked electronic device
- Almost all of them are not competent professionals
- Requires a pre-existing secure channel, or more likely a face-to-face meeting
- "secure channel" must not use encryption, otherwise the problem is circular
- Done pairwise for each group of communicating parties
- e.g. You have to go through the key establishment process for every particular site you want to visit
- A web site with 1000 users that each have a 1GB key would need to have access to 1TB of reliable, secure storage just to store the key material (that's a small website)
- Done repeatedly
- You will eventually run out of key material
- Your keys could become compromised
- Updating them in a useful time frame will be next to impossible
- Destroyed securely after use
- Re-using any part of the key will lead to a practical lose of confidentiality
- In a practical scenario (e.g. HTTP requests) known-plaintext attacks apply, which will allow trivial recovery of the key
- Re-using any part of the key will lead to a practical lose of confidentiality
It simply would not work in practice. A proper cipher will.
answered 3 hours ago
Ella Rose♦
15k44178
add a comment |
...why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
Designing a cipher is significantly less hassle then using a ridiculously long key.
Designing a cipher only needs to be done once by a competent professional.
Using a ridiculously long key would need to be:
- Done by all parties
- "all parties" includes everyone with a networked electronic device
- Almost all of them are not competent professionals
- Requires a pre-existing secure channel, or more likely a face-to-face meeting
- "secure channel" must not use encryption, otherwise the problem is circular
- Done pairwise for each group of communicating parties
- e.g. You have to go through the key establishment process for every particular site you want to visit
- A web site with 1000 users that each have a 1GB key would need to have access to 1TB of reliable, secure storage just to store the key material (that's a small website)
- Done repeatedly
- You will eventually run out of key material
- Your keys could become compromised
- Updating them in a useful time frame will be next to impossible
- Destroyed securely after use
- Re-using any part of the key will lead to a practical lose of confidentiality
- In a practical scenario (e.g. HTTP requests) known-plaintext attacks apply, which will allow trivial recovery of the key
- Re-using any part of the key will lead to a practical lose of confidentiality
It simply would not work in practice. A proper cipher will.
answered 3 hours ago
Ella Rose♦
15k44178
...why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
Designing a cipher is significantly less hassle then using a ridiculously long key.
Designing a cipher only needs to be done once by a competent professional.
Using a ridiculously long key would need to be:
- Done by all parties
- "all parties" includes everyone with a networked electronic device
- Almost all of them are not competent professionals
- Requires a pre-existing secure channel, or more likely a face-to-face meeting
- "secure channel" must not use encryption, otherwise the problem is circular
- Done pairwise for each group of communicating parties
- e.g. You have to go through the key establishment process for every particular site you want to visit
- A web site with 1000 users that each have a 1GB key would need to have access to 1TB of reliable, secure storage just to store the key material (that's a small website)
- Done repeatedly
- You will eventually run out of key material
- Your keys could become compromised
- Updating them in a useful time frame will be next to impossible
- Destroyed securely after use
- Re-using any part of the key will lead to a practical lose of confidentiality
- In a practical scenario (e.g. HTTP requests) known-plaintext attacks apply, which will allow trivial recovery of the key
- Re-using any part of the key will lead to a practical lose of confidentiality
It simply would not work in practice. A proper cipher will.
answered 3 hours ago
Ella Rose♦
15k44178
edited 3 hours ago
answered 3 hours ago
Ella Rose♦
15k44178
answered 3 hours ago
Ella Rose♦
15k44178
answered 3 hours ago
Ella Rose♦
15k44178
15k44178
add a comment |
add a comment |
There's a simple maxim that demonstrates otherwise. It's much much harder to make true random numbers/your 'ridiculous' key than it is to make pseudo random numbers.
A cryptographic strength pseudo random number generator can be instantiated at the drop of a hat (or calling a C++ constructor with a seed value). Based on some experience, a clever DIY guy can probably make 10 megabits per second of true random bits. A modern photonics laboratory can do much better, but most don't have access to those resources. Even then, you have the Brobdingnagian problem of distributing the key between parties. If an unexpected party suddenly wants to join the discourse, you're in trouble distributing said key to expand the conversation.
In the last six months, half a billion people visited Britain's BBC website which is served over HTTPS. Based on a recent page download survey suggesting a mean entertainment page size of 1.7MB , Auntie would have to generate > $10^{15}$ bits of key material/year. Many lava lamps would be required. It would take me 22 boring years to generate that much entropy. And ship it out of channel across international boundaries to ill defined transitory recipients. It's logistically impossible.
You've discovered a one time pad. They have practical applications, but only on very limited criteria.
Slight niggle: A one time pad à la random Vernam cipher is still a cipher.
answered 1 hour ago
Paul Uszak
7,01511534
add a comment |
There's a simple maxim that demonstrates otherwise. It's much much harder to make true random numbers/your 'ridiculous' key than it is to make pseudo random numbers.
A cryptographic strength pseudo random number generator can be instantiated at the drop of a hat (or calling a C++ constructor with a seed value). Based on some experience, a clever DIY guy can probably make 10 megabits per second of true random bits. A modern photonics laboratory can do much better, but most don't have access to those resources. Even then, you have the Brobdingnagian problem of distributing the key between parties. If an unexpected party suddenly wants to join the discourse, you're in trouble distributing said key to expand the conversation.
In the last six months, half a billion people visited Britain's BBC website which is served over HTTPS. Based on a recent page download survey suggesting a mean entertainment page size of 1.7MB , Auntie would have to generate > $10^{15}$ bits of key material/year. Many lava lamps would be required. It would take me 22 boring years to generate that much entropy. And ship it out of channel across international boundaries to ill defined transitory recipients. It's logistically impossible.
You've discovered a one time pad. They have practical applications, but only on very limited criteria.
Slight niggle: A one time pad à la random Vernam cipher is still a cipher.
answered 1 hour ago
Paul Uszak
7,01511534
add a comment |
There's a simple maxim that demonstrates otherwise. It's much much harder to make true random numbers/your 'ridiculous' key than it is to make pseudo random numbers.
A cryptographic strength pseudo random number generator can be instantiated at the drop of a hat (or calling a C++ constructor with a seed value). Based on some experience, a clever DIY guy can probably make 10 megabits per second of true random bits. A modern photonics laboratory can do much better, but most don't have access to those resources. Even then, you have the Brobdingnagian problem of distributing the key between parties. If an unexpected party suddenly wants to join the discourse, you're in trouble distributing said key to expand the conversation.
In the last six months, half a billion people visited Britain's BBC website which is served over HTTPS. Based on a recent page download survey suggesting a mean entertainment page size of 1.7MB , Auntie would have to generate > $10^{15}$ bits of key material/year. Many lava lamps would be required. It would take me 22 boring years to generate that much entropy. And ship it out of channel across international boundaries to ill defined transitory recipients. It's logistically impossible.
You've discovered a one time pad. They have practical applications, but only on very limited criteria.
Slight niggle: A one time pad à la random Vernam cipher is still a cipher.
answered 1 hour ago
Paul Uszak
7,01511534
There's a simple maxim that demonstrates otherwise. It's much much harder to make true random numbers/your 'ridiculous' key than it is to make pseudo random numbers.
A cryptographic strength pseudo random number generator can be instantiated at the drop of a hat (or calling a C++ constructor with a seed value). Based on some experience, a clever DIY guy can probably make 10 megabits per second of true random bits. A modern photonics laboratory can do much better, but most don't have access to those resources. Even then, you have the Brobdingnagian problem of distributing the key between parties. If an unexpected party suddenly wants to join the discourse, you're in trouble distributing said key to expand the conversation.
In the last six months, half a billion people visited Britain's BBC website which is served over HTTPS. Based on a recent page download survey suggesting a mean entertainment page size of 1.7MB , Auntie would have to generate > $10^{15}$ bits of key material/year. Many lava lamps would be required. It would take me 22 boring years to generate that much entropy. And ship it out of channel across international boundaries to ill defined transitory recipients. It's logistically impossible.
You've discovered a one time pad. They have practical applications, but only on very limited criteria.
Slight niggle: A one time pad à la random Vernam cipher is still a cipher.
answered 1 hour ago
Paul Uszak
7,01511534
edited 45 mins ago
answered 1 hour ago
Paul Uszak
7,01511534
answered 1 hour ago
Paul Uszak
7,01511534
answered 1 hour ago
Paul Uszak
7,01511534
7,01511534
add a comment |
add a comment |
Will Burghard is a new contributor. Be nice, and check out our Code of Conduct.
Will Burghard is a new contributor. Be nice, and check out our Code of Conduct.
Will Burghard is a new contributor. Be nice, and check out our Code of Conduct.
Will Burghard is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66162%2fif-kerckhoffs-principle-holds-why-do-we-need-a-cipher-at-all%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Related questions: one-time pad: Why is it useless in practice and Is modern encryption needlessly complicated?
– Ella Rose♦
3 hours ago
4
Your question is unclear to me; to convert a plaintext and a key (of whatever length) to a ciphertext, you need an algorithm for transformation. That transformation algorithm is called the cipher. Without a cipher, no encryption, full stop. When you say "why not use a ridiculously long key", how do you intend to encrypt the plaintext?
– marcelm
2 hours ago