If Kerckhoff's Principle holds, why do we need a cipher at all?












I understand Kerckhoff's principle, in a very practical sense, that the best attack that can be performed on a given cryptographic algorithm should be only as practical, if not less practical, than an exhaustive key search, that is, testing every possible key. My question is, if this is the case, then why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?







encryption algorithm-design keys






asked 1 hour ago









Will Burghard

  • 1
    Related questions: one-time pad: Why is it useless in practice and Is modern encryption needlessly complicated?
    – Ella Rose
    1 hour ago

  • 3
    Your question is unclear to me; to convert a plaintext and a key (of whatever length) to a ciphertext, you need an algorithm for transformation. That transformation algorithm is called the cipher. Without a cipher, no encryption, full stop. When you say "why not use a ridiculously long key", how do you intend to encrypt the plaintext?
    – marcelm
    31 mins ago














> ...why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?

Designing a cipher is significantly less hassle than using a ridiculously long key.

Designing a cipher only needs to be done once by a competent professional.

Using a ridiculously long key would need to be:

  • Done by all parties
    • "all parties" includes everyone with a networked electronic device
    • Almost all of them are not competent professionals
    • Requires a pre-existing secure channel, or more likely a face-to-face meeting
      • "secure channel" must not use encryption, otherwise the problem is circular
  • Done pairwise for each group of communicating parties
    • e.g. You have to go through the key establishment process for every particular site you want to visit
    • A web site with 1000 users that each have a 1GB key would need to have access to 1TB of reliable, secure storage just to store the key material (that's a small website)
  • Done repeatedly
    • You will eventually run out of key material
    • Your keys could become compromised
      • Updating them in a useful time frame will be next to impossible
  • Destroyed securely after use
    • Re-using any part of the key will lead to a practical loss of confidentiality
      • In a practical scenario (e.g. HTTP requests) known-plaintext attacks apply, which will allow trivial recovery of the key

It simply would not work in practice. A proper cipher will.






        answered 1 hour ago









        Ella Rose
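
The answer's "run out of key material" and "destroyed securely after use" bullets, shown as an added Python example that is not part of the original answer. The `OneTimePad` class, the function names and the sample HTTP strings are constructed for illustration; the pad is modelled as plain XOR with a long random key.

```python
import secrets

# Constructed sample traffic: the first request is guessable (known plaintext).
KNOWN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
SECRET = b"POST /login user=alice&pw=constructed-secret"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result has the length of the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


class PadExhausted(Exception):
    """No unused key material is left; a fresh key exchange is required."""


class OneTimePad:
    """A long shared key that is consumed once and wiped as it is used."""

    def __init__(self, key: bytes):
        self._key = bytearray(key)
        self._offset = 0

    def remaining(self) -> int:
        return len(self._key) - self._offset

    def encrypt(self, plaintext: bytes) -> bytes:
        if len(plaintext) > self.remaining():
            raise PadExhausted(f"need {len(plaintext)} bytes, {self.remaining()} left")
        start, end = self._offset, self._offset + len(plaintext)
        chunk = bytes(self._key[start:end])
        self._key[start:end] = bytes(end - start)  # destroy used key bytes
        self._offset = end
        return xor_bytes(plaintext, chunk)


def recover_from_reuse(c_known: bytes, known_plaintext: bytes, c_target: bytes) -> bytes:
    """What an eavesdropper learns when two messages shared the same key bytes."""
    keystream = xor_bytes(c_known, known_plaintext)  # C xor P = K
    return xor_bytes(c_target, keystream)            # C' xor K = P'


def reuse_demo(key: bytes) -> bytes:
    """Misuse: both messages are XORed with the start of the same key."""
    c1 = xor_bytes(KNOWN, key)
    c2 = xor_bytes(SECRET, key)
    return recover_from_reuse(c1, KNOWN, c2)


def proper_use_demo(key: bytes) -> bytes:
    """Correct use: each message consumes fresh key bytes, so the same attempt fails."""
    pad = OneTimePad(key)
    c1 = pad.encrypt(KNOWN)
    c2 = pad.encrypt(SECRET)  # raises PadExhausted if the key is too short
    return recover_from_reuse(c1, KNOWN, c2)


if __name__ == "__main__":
    print(reuse_demo(secrets.token_bytes(64)))                  # prints SECRET
    print(proper_use_demo(secrets.token_bytes(128)) == SECRET)  # False
    try:
        proper_use_demo(secrets.token_bytes(64))                # two messages exceed 64 bytes
    except PadExhausted as exc:
        print("pad exhausted:", exc)
```

With a 64-byte key the correctly used pad cannot even carry two short requests, which is the key-consumption cost the answer describes; a cipher with a short key and a per-message nonce avoids both problems.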
