- Kerckhoffs' principle
cryptography, Kerckhoffs' principle (also called Kerckhoffs' assumption, axiom or law) was stated by Auguste Kerckhoffsin the 19th century: a cryptosystemshould be secure even if everything about the system, except the key, is public knowledge. It was reformulated (perhaps independently) by Claude Shannon as "the enemy knows the system". In that form it is called Shannon's maxim. In contrast to security through obscurity, it is widely embraced by cryptographers.
In accordance with Kerckhoffs' principle, the majority of civilian cryptography makes use of publicly-known algorithms. By contrast, ciphers used to protect classified government or military information are often kept secret (see
Type 1 encryption).
The law was one of six design principles laid down by Kerckhoffs for military
ciphers. Translated from French, they are: [Auguste Kerckhoffs, "La cryptographie militaire", "Journal des sciences militaires", vol. IX, pp. 5–83, Jan. 1883, pp. 161–191, Feb. 1883. Available [http://www.petitcolas.net/fabien/kerckhoffs/ online] ]
# The system must be practically, if not mathematically, indecipherable;
# It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience;
# Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents;
# It must be applicable to telegraphic correspondence;
# It must be portable, and its usage and function must not require the concourse of several people;
# Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.
Bruce Schneierties it in with a belief that all security systems must be designed to fail as gracefully as possible: :"Kerckhoffs' principle applies beyond codes and ciphers to security systems in general: every secret creates a potential failure point. Secrecy, in other words, is a prime cause of brittleness—and therefore something likely to make a system prone to catastrophic collapse. Conversely, openness provides ductility."cite journal | author = Mann, Charles C. | year = 2002 | month = September | title = Homeland Insecurity | journal = The Atlantic Monthly| volume = 290 | issue = 2 | url = http://www.theatlantic.com/issues/2002/09/mann.htm] Any security system depends crucially on keeping "some" things secret. However, Kerckhoffs' principle points out that the things which are kept secret ought to be those which are least costly to change if inadvertently disclosed. A cryptographic algorithm may be implemented by hardware and software which is widely distributed among its users; if security depended on keeping that secret, then disclosure would lead to major logistic headaches in developing, testing and distributing implementations of a new algorithm -- it is "brittle". Whereas if the secrecy of the algorithm were not important, but only that of the "keys" used with the algorithm, then disclosure of the keys would require the much less arduous process of generating and distributing new keys.
Or in other words, the fewer and simpler the things one needs to keep secret in order to ensure the security of the system, the easier it is to maintain that security.
Eric Raymond extends this principle in support of
open sourcesoftware, saying
Any security software design that doesn't assume the enemy possesses the source code is already untrustworthy; therefore, *never trust closed source*. [http://lwn.net/Articles/85958/ If Cisco ignored Kerckhoffs's Law, users will pay the price [LWN.net ] ]The controversial idea that open-source software is inherently more secure than closed-source is promoted by the concept of "security through transparency".
An example of technology which relies upon a secret cryptosystem is
WLAN Authentication and Privacy Infrastructure(WAPI), the wireless LAN security standard the Chinese government has proposed to encompass civilian uses on a global scale.
* [http://www.quadibloc.com/crypto/mi0611.htm John Savard article discussing Kerckhoffs' design goals for ciphers]
* [http://petitcolas.net/fabien/kerckhoffs/ Reference to Kerckhoffs' original paper, with scanned original text]
Wikimedia Foundation. 2010.