

A note about Kerckhoff's Principle - jgrahamc
http://blog.cloudflare.com/a-note-about-kerckhoffs-principle

======
jnorthrop
I have nothing of significance to add, I just wanted to mention that you've
done a really nice job on this post and the previous. Cryptography is not an
easy topic to cover without getting lost in technical acronyms and jargon. I
should know: I tried in my blog to do the same 3-4 months ago, and I'm now
inspired to rewrite it and try again!

------
raverbashing
"In fact, bcrypt works without a key at all."

Erm... What are they trying to say?

Sure, you can have a null password, and then have a salt and hash that with
bcrypt, but your password is still nothing.

~~~
jgrahamc
I've edited out that statement. It was a gross oversimplification and I should
have gone into the difference between a hash and an encryption scheme and the
fact the password is the key in this case.

------
veyron
Was about to comment that you misspelled Kirchhoff but it appears there's a
different Kerckhoffs's principle.

~~~
jff
I came for the current law, but stayed for the crypto.

