Kerckhoffs' law
|
Not to be confused with Kirchhoff's circuit laws.
In cryptography, Kerckhoffs' law (also called Kerckhoffs' assumption, axiom or principle) was stated by Auguste Kerckhoffs in the 19th century: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. It was reformulated (perhaps independently) by Claude Shannon as "the enemy knows the system". In that form it is called Shannon's maxim. It is widely embraced by cryptographers, in opposition to security through obscurity.
In accordance with Kerckhoffs' law, the majority of civilian cryptography makes use of publicly-known algorithms. By contrast, ciphers used to protect classified government or military information are often kept secret (see Type 1 encryption).
The law was one of six design principles laid down by Kerckhoffs for military ciphers. Translated from the French, they are:
- The system must be practically, if not mathematically, indecipherable;
- It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience;
- Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents;
- It must be applicable to telegraphic correspondence;
- It must be portable, and its usage and function must not require the concourse of several people;
- Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.
Bruce Schneier ties it in with a belief that all security systems must be designed to fail as gracefully as possible: Kerckhoffs' principle applies beyond codes and ciphers to security systems in general: every secret creates a potential failure point. Secrecy, in other words, is a prime cause of brittleness—and therefore something likely to make a system prone to catastrophic collapse. Conversely, openness provides ductility. [1] (http://www.theatlantic.com/issues/2002/09/mann.htm)
It is worth expanding on what Schneier means by brittleness: after all, any security system depends crucially on keeping some things secret. What Schneier means is that the things which are kept secret ought to be those which are least costly to change should be they be inadvertently disclosed. A cryptographic algorithm may be implemented by hardware and software which is widely distributed among its users; if security depended on keeping that secret, then disclosure would lead to major logistic headaches in developing, testing and distributing implementations of a new algorithm. Whereas if the secrecy of the algorithm were not important, but only that of the keys used with the algorithm, then disclosure of the keys would require the much less arduous process of generating and distributing new keys.
Or in other words, the fewer the things one needs to keep secret in order to ensure the security of the system, the easier it is to maintain that security.
Eric Raymond extends this principle in support of open source software, saying Any security software design that doesn't assume the enemy possesses the source code is already untrustworthy; therefore, *never trust closed source*. [2] (http://lwn.net/Articles/85958/) The controversial idea that open-source software is inherently more secure than closed-source is promoted by the concept of security through transparency.
References
- Auguste Kerckhoffs, La cryptographie militaire, Journal des sciences militaires, vol. IX, pp. 5–83, Jan. 1883, pp. 161–191, Feb. 1883.
External links
- John Savard article discussing Kerckhoffs' design goals for ciphers (http://home.ecn.ab.ca/~jsavard/crypto/mi0611.htm)
- Reference to Kerckhoffs' original paper, with scanned original text (http://petitcolas.net/fabien/kerckhoffs/)de:Kerckhoffs-Prinzip