$\begingroup$

Closed. This question is . This question is opinion-based . It is not currently accepting answers. Want to improve this question? Update the question so it can be answered with facts and citations by editing this post. Closed 5 years ago. Improve this question

According to Kerckhoffs's principle "A cryptosystem should be secure even if everything about the system, except the key, is public knowledge." Now I want to throw in a provoking formula of mine which refutes Kerckhoff's principle which he formulated in 1883, and come up with a new and updated principle for encryption in our 21st century.

My new and provoking principle is formulated as follows:

"No cryptosystem is secure, whether the system is public knowledge or not, unless the amount of time $T$ and the cost/capability $C$ to break the key are too high to maintain for an attacker."

In simple words this means: If it takes a shitload of time, in terms of years and decades, and a great amount of money and effort, in terms of buying fast hardware for brute-force-attacks and employing talented cryptanalysts to crack your secret key, then you can consider your encrypted data temporarily secure.

And that's the catch: temporarily secure only !

Because if some other attacker comes along with a faster hardware and more sophisticated cryptanalysis or hacking method in the future, thus reducing the crack time $T$ and effort $C$ down to a few days and dollar peanuts only, then you are not secure anymore!

Or if some big guy comes along. The most obvious example is the NSA (National Security Agency) which we cryptographers consider our arch opponent. They have an unlimited budget of billions (or perhaps even trillions) of dollars each year to buy the latest and fastest in computer hardware in huge quantities and they likely employ and pay the best cryptanalysts in the world. Today it is known that key lengths below 2048-bit are not sufficient enough anymore to withstand hardcore brute-force attacks performed by the government. And by "hardcore" I mean best and fastest hardware available in the best configuration to crack a key. And from what I have heard, the NSA are currently investing in the research and development of quantum computers (supercomputers) which are going to be so lightning-fast that they may even crack 4096, 8192 and longer bit keys in no time. Good documentaries and reports on quantum computers can be found on Youtube, for instance.

Now you may ask yourselves why my formulated principle stated above is provoking for us cryptographers and crypto developers? I think it is, because it basically means that cryptography is useless for keeping secrets. And THAT is a provoking and strong statement, isn't it!

Because the only thing standing in the way of attackers to crack your keys and read your secret messages or decrypt your secret data is the strength of your keys and how long it takes to break them! But they will be broken anyway sometime! That's my point.

So the question is: Does it all refute Kerckhoffs's principle? What do you think, can any cryptosystem and key be cracked these days with sufficient enough hardware and software resources? And human resources (cryptanalysts) for that matter.

This is a question which can be answered by either Yes or No. And if you do so please eleborate in detail. Don't just give a short Yes/No answer.

P.S. I also like to give my own answer to this question which goes as follows: Yes, the new principle refutes Kerckhoff's outdated principle, because a) Kerckhoff lived in 1883 and didn't know about computing technology and power in 2014 and b) Kerckhoff just assumed that keeping the key secret "should" be enough to keep the cryptosystem secure; and that I think is a wrong design principle or however you want to call it, because it is not enough to make the key secret, you also have to make the key strong enough to withstand fast brute-force-attacks and sophisticated cryptanalysis. And on top of that, the new principle refutes Kerckhoff's principle even further by saying that all cryptosystems and all keys are insecure actually, because the better and faster the computing techniques to break the key the more insecure the keys become! Again, my own answer in short is: Yes, Kerckhoff's principle is refuted by the new principle. But everyone can have his/her own opinion. If someone answers with NO, then okay, I'm fine with that too. It seems that such people have strong illusions about the secrecy of their encryption keys and don't want to admit the power of brute-force and cryptanalysis and thus say such observations would be "irrelevant". I think it is not irrelevant for users out there who used 2048-bit keys for instance, thought or were told that they were secure but still got cracked never the less. Actually I think my topic is highly controversial. ;)