ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
While reviewing a new mobile banking app, the crypto lead proposes inventing a proprietary symmetric algorithm and relying on keeping its details hidden from attackers. You argue this contradicts the design guideline that a cryptosystem must remain secure even when everything except the secret key is public. Which principle are you invoking?
The principle being cited is Kerckhoffs's Principle, which underlies the broader concept of open design. It states that the security of a cryptosystem should not depend on secrecy of the design or implementation; only the key must remain confidential. Relying on obscurity violates this principle because once attackers discover the hidden details, the system collapses. Security through obscurity is the flawed reliance the principle rejects, while least common mechanism and complete mediation address different design concerns unrelated to public disclosure of algorithms.