Security When the Enemy Knows the System

So if the entire implementation of our cryptosystems is known to the adversary, how can we be secure? The adversary can just run our code after all.

The key is key

The key is key. Encryption algorithms don’t just take plain text as input, they take a key as well. A well-written encryption algorithm will produce wildly different outputs when encrypting a given plaintext with keys that differ only slightly. The key is the only part that needs to be kept secret. Rather than keeping an entire algorithm secret, we just need to keep our key secret.

An encryption algorithm should be so strong that even if an attacker had full access to the source code, the attacker would have no better option than to brute force all possible passwords. We won’t cover how the encryption libraries recommended in this chapter achieve this goal. We’ll merely note that they’ve been found to do so.

If we’ve built a system like this, all the implementer has to do is to pick a suitably large random encryption key. Encryption keys are commonly $256$ bits. That means that there are $2^{256}$ possible values for an encryption key. That’s $2 \times 2 \times ... \times 2$ ...