Kirkhoff principle

TheKerckhoff'sprinciple(Kerckhoffs’principle,alsoknownastheKirckhoffhypothesis,axiom,orlaw)incryptographywasputforwardbyAugustKirckhoffinthe19thcentury:Anydetailsofthecryptographicsystemarealreadyknown,aslongasthekey(key,alsoknownasthesecretkeyorsecretkey)isnotleaked,itshouldalsobesafe.ClaudeShannon,theinventorofinformationtheory,changedittosay:"Theenemyunderstandsthesystem."SuchastatementiscalledShannon'smaxim.Itisincontrasttothetraditionaluseofcovertdesign,implementation,ortheliketoprovideencryptionforthecovertsecurityidea.

AccordingtotheKirkhofprinciple,mostcivilsecrecyusespublicalgorithms.Butrelatively,confidentialdevicesusedforgovernmentormilitarysecretsareusuallykeptsecret.ThesixprinciplesKirkhovdesignedformilitarysecretsare:

  1. Evenifitisnotmathematicallyunbreakable,thesystemshouldbeunbreakabletoasubstantial(practical)level.

  2. Thesystemshouldnotcontainanysecrets,evenifitfallsintothehandsoftheenemy,itwillnotcausetrouble.

  3. Thekeymustbeeasytocommunicateandremember,withoutwritingdown;andbothpartiescaneasilychangethekey.

  4. Thesystemshouldbeusedfortelecommunications.

  5. Thesystemshouldbeportable,anditshouldnotrequiretwoormorepeopletouseit(itshouldonlybeusedbyoneperson).

  6. Thesystemshouldbeeasytouse,nottooverworktheuser'sbrainpower,andthereisnoneedtorememberalonglistofrules.

BruceSchnellextendedthisidea,thinkingthatinadditiontoapasswordsystem,anysecuritysystemislikethis:tryingtokeepsomethingsecretwillcreatetherootoffailure.

EricStephenRaymondextendedittoopensourcesoftware,referringtosoftwaredesignthatdoesnotassumethattheenemywillgetthesourcecodeandisalreadyunreliable.Therefore,thereisneveracredibleclosedsourcecode.Conversely,opensourceismoresecurethanclosedsource.

Related Articles
TOP