TheKerckhoff'sprinciple(Kerckhoffs’principle,alsoknownastheKirckhoffhypothesis,axiom,orlaw)incryptographywasputforwardbyAugustKirckhoffinthe19thcentury:Anydetailsofthecryptographicsystemarealreadyknown,aslongasthekey(key,alsoknownasthesecretkeyorsecretkey)isnotleaked,itshouldalsobesafe.ClaudeShannon,theinventorofinformationtheory,changedittosay:"Theenemyunderstandsthesystem."SuchastatementiscalledShannon'smaxim.Itisincontrasttothetraditionaluseofcovertdesign,implementation,ortheliketoprovideencryptionforthecovertsecurityidea.
AccordingtotheKirkhofprinciple,mostcivilsecrecyusespublicalgorithms.Butrelatively,confidentialdevicesusedforgovernmentormilitarysecretsareusuallykeptsecret.ThesixprinciplesKirkhovdesignedformilitarysecretsare:
Evenifitisnotmathematicallyunbreakable,thesystemshouldbeunbreakabletoasubstantial(practical)level.
Thesystemshouldnotcontainanysecrets,evenifitfallsintothehandsoftheenemy,itwillnotcausetrouble.
Thekeymustbeeasytocommunicateandremember,withoutwritingdown;andbothpartiescaneasilychangethekey.
Ratio debet esse fortelecommunicationes.
Thesystemshouldbeportable,anditshouldnotrequiretwoormorepeopletouseit(itshouldonlybeusedbyoneperson).
Thesystemshouldbeeasytouse,nottooverworktheuser'sbrainpower,andthereisnoneedtorememberalonglistofrules.
BruceSchnellextendedthisidea,thinkingthatinadditiontoapasswordsystem,anysecuritysystemislikethis:tryingtokeepsomethingsecretwillcreatetherootoffailure.
EricStephenRaymondextendedittoopensourcesoftware,referringtosoftwaredesignthatdoesnotassumethattheenemywillgetthesourcecodeandisalreadyunreliable.Therefore,thereisneveracredibleclosedsourcecode.Conversely,opensourceismoresecurethanclosedsource.
