A note about Kerckhoff's Principle

John Graham-Cumming discusses how storing customer passwords has evolved over time and emphasizes the importance of Kerckhoff's Principle in ensuring security systems are robust. The principle states that a cryptosystem should be secure even if all its details, except for the key, are public knowledge. This is demonstrated through historical examples such as the breaking of the Nazi German Enigma cipher and modern encryption methods like HTTPS, SSL, AES, and RSA. When storing passwords securely, companies rely on the complexity of algorithms like bcrypt, assuming that even in a worst-case scenario where their database is accessed, the security system will still be effective.