NSA Suite A Cryptography: Is Security through Obscurity Effective?

I don’t believe in security by obscurity in general, but in the case of crypto it’s actually worse, because it violates Kerckhoffs’s principle.

So is it better? Maybe. Is it different? Sure. Is it necessary to hide the algos? If your crypto was good to begin with, you would not need to hide the algorithms, just the keys.

On the other hand, you have the ‘many eyeballs make all bugs shallow’ idea. However, in the case of crypto, there are not too many (well-educated) eyeballs available to actually point out bugs in crypto algos. So one possible explanation for the hiding would be that the NSA is betting that there is a higher chance of another (not friendly) nation state having more and/or better eyeballs than there is of the algos benefiting from the potential improvements that come from opening them to the community. Or maybe it’s not the probability of bug-finding, but the impact that finding a vulnerability would have on the information they use Suite A to protect. Either way, we will not know, because they will Never Say Anything 😉
