Free Lunch 2010: Why Public Algorithms Beat the Alternative

Ben Rothke explains why vendors should be dropped when they refuse to reveal their algorithms.

By Ben Rothke, CISSP PCI QSA

January 19, 2010 — CSO —

In February 1999 I wrote a magazine article entitled, "Free Lunch" that focused on the Advanced Encryption Standard (AES) selection process and the need to avoid proprietary cryptographic algorithms.

The uniqueness of the entire AES process was that it was akin to a large town meeting -- the process was open to the public and anyone could have submitted an algorithm for review.

One of the complaints against DES (data encryption standard), the standard AES was replacing, was that the NSA clandestinely hid a backdoor in the algorithm. To downgrade all conspiracy theories, the NSA decided not to submit any algorithms to NIST during the AES selection process. Rather, they acted as an impartial arbitrator in the process. Notwithstanding, it is implausible that NIST would have approved anything without the divine sanction of the NSA. The foremost effect of AES is that it clearly demonstrated that the entire encryption and security industry started to favor public-based algorithms.

Whoever said that there is no such thing as a free lunch never had in mind encryption algorithms. The paradoxical issue about encryption algorithms is that their true strength is only manifest after extensive and critical open peer review.

The specifics are known as Kerckhoffs' Principle, after Auguste Kerckhoffs, who observed in 1883 that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

Using Kerckhoffs principle, every organization that is using encryption functionality, be it in hardware or software, should make the first rule of their encryption selection to avoid any software that uses a secret algorithm. It should be built into RFPs, contracts and the like. Keeping an algorithm concealed is no proof of safety. Vendors that refuse to reveal their algorithms should be dropped.

There hardly seems to be a valid reason why any reputable security vendor in 1999, let alone in 2010, would waste their time developing a proprietary algorithm when there are so many efficient and capable publicly-available algorithms. Whether it be Triple-DES, Twofish, SERPENT, CAST 256 or IDEA, or any other open encryption algorithms -- any vendor that has something to hide in their algorithm should be questioned.

Since the encryption algorithm is the foundation of most security products, a vendor should be proud to show you their algorithm. The reality is, for those who adamantly refuse to reveal their algorithm, one can reverse engineer the software code (albeit this may be illegal in some jurisdictions) to reveal the guts of it.

• Print