The Origins of Kerckhoffs’ Principle
In 1883, Dutch linguist and cryptographer Auguste Kerckhoffs published an article titled “La Cryptographic Militaire” (Military Cryptography) in the “Le Journal des Sciences Militaires” (Journal of Military Sciences). In this article, he defined six fundamental design principles for crypto systems.
6 Fundamental Design Principles for Crypto Systems
- The system must be indecipherable at least in practice, if not mathematically.
- The system must not be required to be secret, and it must be able to fall into the hands of an enemy without inconvenience.
- The encryption key for the system must be capable of being stored and communicated without the help of written notes, and able to be changed or modified at the will of the communicating parties.
- The system must be capable of being applied to communications via telegraph.
- Equipment and documents for the system must be portable, and their usage and function must not require the gathering or collaboration of several people.
- The system must be easy to use, requiring neither mental strain nor the knowledge of a long series of rules in order to implement it.
The second axiom of these design principles is what is now acknowledged as Kerckhoffs’ Principle.
The system must not be required to be secret, and it must be able to fall into the hands of an enemy without inconvenience.
Auguste Kerckhoffs
This principle states that the security of a cryptographic system must depend on the secrecy of its keys only and everything else, including the algorithm itself, should be considered public knowledge.
How Does it Relate to Shannon’s Maxim?
This principle was further elucidated by Claude Shannon as a generalized rule, that is known as the Shannon’s Maxim, aka Open Design Principle:
One ought to design systems under the assumption that the enemy will immediately gain full familiarity with them.
Claude Shannon
Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.
The fundamental idea in both principles is that secrecy in itself should not be your goal to guarantee security.
Kerkchoffs’ Principle vs Security by Obscurity
A more contemporary phrase used to explain this concept is the avoidance of Security by Obscurity. Security by Obscurity (aka Security through Obscurity) is the practice of keeping your algorithm or system secret in the false belief that risk of being targeted by the attackers can be minimized.
To give an analogy, it is no different than hiding the key to your front door under a nearby rock or the welcome mat. A few well known and commonly practiced examples are hiding user passwords inside binary code or sharing only the binary version of your algorithm, hiding the source code for it.
Concealing the presence of a message by obscuring it in different types of content, aka Steganography, is another example for Security by Obscurity. Historically, invisible ink was used for this purpose. Today, common examples of steganography is hiding messages in different file formats, such as graphic or audio files. However, the security of this mechanism can be breached once the message concealment method or algorithm is known to the attackers.
In cyber security, such a protection mechanism is considered to provide only a false sense of security rather than realistic security. So, in essence, security by obscurity is fundamentally the opposite of the Kerckhoffs’ Principle and the Shannon’s Maxim. History shows that security by obscurity is vulnerable to attacks, e.g., through reverse engineering method. Thus, your security mechanism should not solely rely on it.
Summary of the Kerckhoffs’ Principle
To summarize, Kerckhoffs’ Principle is fundamentally the same with the Shannon’s Maxim and the Open Design Principle. It states basically that we should assume that the attacker already knows the system (algorithm). So, the single property that we should rely for the protection of the systems should be keeping the keys secrets.
To learn more about the fundamental principles of cyber security, you could also read our article How to Develop Secure Systems: 10 Design Principles.
