What is the function of key secrecy and algorithm secrecy in security?
Algorithm Secrecy is explained as follows:
‘Algorithm secrecy’ is a method of keeping an algorithm secret from unauthorized users. A concept which is based on the secrecy of the algorithm is frequently referred to as secrecy through obscurity, which gives us security by hiding the data in the obscure location. But, the system using this concept might suffer from number of security vulnerabilities. The disadvantage of using algorithm secrecy is that it is not easy to maintain the secrecy of the system because when algorithms are known by the unauthorized users, an totally new secret algorithm is to be developed for performing the encryption and decryption of cipher text. Additionally to algorithms, it would be essential to change keys as well.
Key Secrecy is explained below:
In cryptography, a key refers to a small piece of information with which the functional result of the cryptographic algorithm is recognized. When a key is not used, the algorithm will not create any result. In encryption, a key is used to transform the plaintext into cipher text or vice versa in case of decryption. Several cryptographic algorithms such as message authentication codes and digital signature schemes use key for purpose of security. “Key” security can be simply managed when compared to “encryption algorithm” protection. Though, the length of the key should be as long as possible so as to give us a strong security.
When the key is known by the unauthorized users, it can be simply changed. Therefore, the security of an encryption system mainly depends on a certain key, which is being kept secret.
`Practically, it is hard to provide key secrecy in cryptography. For example, when an attacker attains the key, the original message can be retrieved from encrypted data.
Encryption algorithms which make use a similar key for performing encryption and decryption both is referred to as symmetric key algorithms. The other public key cryptographic algorithms which make use of two different keys for encryption and decryption are called as asymmetric key algorithms. In asymmetric key algorithms, one key is made public, and the other is kept private. Thus, it is extremely complicated for the unauthorized users to determine the private key even if the corresponding public key is known. A user of public key technology keeps the private key secret and discloses public key so that anybody can send them an encrypted message.