
Akhil Nair
4,150 Points

Won't a crypto system that is publicly known be easier to hack into, because everyone knows how it works?

I think I am missing some important link here. Can someone please help me get better context about this idea?

1 Answer

This is one of those things that people have been debating really since before even the rise of open source software in the '80s - if your code is known, aren't you at risk?

The counterargument is that just as more people might want to find flaws for "bad" intentions, so too there are more people able to find the flaws before they do - white hat hackers + researchers + companies outnumber black hat hackers willing to take the risk.

In the real world, it tends to cancel out. We know security through obscurity doesn't work and neither do secret proprietary methods. For example, Windows OS wasn't hacked less often than Linux-based OSes.

Basically what happens is a kind of evolution. A crypto method emerges, people attack it, and if it's resistant it gains wide adoption until such a time that it is compromised. This natural process tends to weed out methods with inherent faults quite early on, so it tends to just come down to complexity - you can know exactly how it works, it's just too time-consuming for a computer to break.
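
The answer's closing point, that a method can be fully public and still be too time-consuming to break, shown as an added example (not part of the original answer). The algorithm is the public HMAC-SHA256 from Python's standard library; the 16-bit toy key, the sample message and the function names are constructed for illustration.

```python
import hashlib
import hmac
import time

def tag(key_int: int, key_bits: int, message: bytes) -> bytes:
    """Public algorithm (HMAC-SHA256); the key is the only secret."""
    key = key_int.to_bytes((key_bits + 7) // 8, "big")
    return hmac.new(key, message, hashlib.sha256).digest()

def exhaustive_search(target: bytes, key_bits: int, message: bytes):
    """Try every key in order; return (recovered key, guesses made)."""
    for guess in range(2 ** key_bits):
        if hmac.compare_digest(tag(guess, key_bits, message), target):
            return guess, guess + 1
    return None, 2 ** key_bits

def years_to_search(key_bits: int, guesses_per_second: float) -> float:
    """Expected time to cover half of the keyspace, in years."""
    seconds = 2 ** (key_bits - 1) / guesses_per_second
    return seconds / (365 * 24 * 3600)

def demo() -> int:
    message = b"constructed sample message"
    toy_bits = 16      # deliberately tiny so the search finishes
    secret = 0xBEEF    # constructed sample key
    target = tag(secret, toy_bits, message)

    start = time.perf_counter()
    found, guesses = exhaustive_search(target, toy_bits, message)
    rate = guesses / (time.perf_counter() - start)
    print(f"recovered {found:#06x} after {guesses} guesses "
          f"({rate:,.0f} guesses/s on this machine)")

    # Same public algorithm, same measured rate, wider keys:
    # each extra key bit doubles the expected work.
    for bits in (16, 40, 56, 128):
        print(f"{bits:>3}-bit key: ~{years_to_search(bits, rate):.3g} years")
    return found

if __name__ == "__main__":
    demo()
```

Knowing the algorithm is what makes the search possible at all, yet the cost is set entirely by the key length, which is why published designs with long keys hold up.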

Akhil Nair
4,150 Points

Thanks for taking the time to reply, Jon. :) I was also going through public key encryption, which has given me a little more context about the same.