GSEC Question #126: Real Exam Question with Answer & Explanation

The correct answer is B. Well-known. Kerckhoffs's principle states that a cryptographic algorithm should be secure even if everything about the system, except the key, is public knowledge.

Question

To be considered a strong algorithm, an encryption algorithm must be which of the following?

Options

  • A. Secret
  • B. Well-known
  • C. Confidential
  • D. Proprietary

Explanation

Kerckhoffs's principle states that a cryptographic algorithm should be secure even if everything about the system, except the key, is public knowledge.

Common mistakes.

  • A. Keeping an algorithm secret is 'security through obscurity,' which is not considered a strong security property since discovery of the algorithm immediately breaks the system.
  • C. Confidential is equivalent to secret in this context - relying on algorithm secrecy for security violates Kerckhoffs's principle.
  • D. Proprietary algorithms are not publicly audited, meaning vulnerabilities may exist that have never been discovered or disclosed, undermining trust.

Concept tested. Kerckhoffs's principle in cryptographic algorithm strength

Reference. https://csrc.nist.gov/glossary/term/kerckhoffs_principle
