A cryptographic algorithm is a mathematical function f() that takes a value x and produces a result y. Modern functions are very complex and undergo years of development, testing and analysis. Some algorithms are public, while others are very private. Examples of the most commonly used public algorithms are RC4 and variations of DES (DES, 3DES, DESx). These algorithms have undergone tremendous testing and analysis. IDEA is one example of an algorithm that is considered private. IDEA was developed by the US government and its implementation details have never been made public. In order for a cryptographic algorithm to be considered strong, it must exhibit one critical characteristic. It must be infeasible to determine the secret data without knowing the key and it must be infeasible to determine the key from the encrypted data.
Some algorithms are considered public algorithms. This means that the actual mathematical operations used to generate cyphertext from plaintext are open for public review. Other algorithms are kept very secret, and the mathematical operations are not publicly known. Each of these scenarios brings with it pro’s and con’s. The benefit to a public algorithm is that intensive examination my many experts will increase its strength, as flaws and weakness can be rapidly identified and corrected. This of course is only beneficial if the individual who discovers the weakness is on our side. Private algorithms are not subject to this level of examination and testing, reducing the likelihood that weakness will be discovered – by good guys or bad.