
A note about Kerckhoff's Principle

What's this blog post about?

John Graham-Cumming discusses how the storage of customer passwords has evolved over time and emphasizes the importance of Kerckhoffs's Principle in keeping security systems robust. The principle states that a cryptosystem should remain secure even if every detail of it, except the key, is public knowledge. The post illustrates this with historical examples such as the breaking of the Nazi German Enigma cipher, and with modern protocols and algorithms such as HTTPS, SSL, AES, and RSA. When storing passwords, companies rely on the complexity of algorithms like bcrypt and plan for the worst case: even if their database is accessed, the security system should still be effective.

Company
Cloudflare

Date published
June 19, 2012

Author(s)
John Graham-Cumming

Word count
665

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.