Kerckhoffs’ Principle is one of the keys to solid cryptographic security. Here is the definition I found on the Wikipedia:
“A Cryptosystem should be secure even if everything about the system, except the key, is public knowledge.”
Kerckhoffs’ Principle does not require that we publish or disclose how things work. It does require that the security of the system must not be negatively impacted by such a disclosure. A sub-theme of this principle, is that if the system is not negativly impacted by disclosure, it may be enhanced.
In the history of cryptographic systems, peer reviewed systems/algorithms/techniques have outperformed closed/proprietary ones. This has its roots in basic human nature and is demonstrated every day in basic quality controls used for software in general.
A coworker once pointed out, “I am very confident that I can build a system that I cannot break. I am not so confident that I can build a system that no one else can break.” Getting many “someone else” resources to look at things is the core of Kerckhoffs’ Principle in practice, even if not in original intent. An example of using Kerckhoffs’ Principle is the current effort by NIST to sponsor the development and adoption of the next generation of hash algorithms through their hash contest (wiki, NIST).
If You Need to Keep the “How” Secret…
If you need to keep the “how” secret, then odds are it isn’t a very good approach to the problem (and you may know that). I am often shocked when probing people on password protection, at how often their not wanting to disclose this information (because it is a “secret” itself) correlates to a very poor practice.
BTW: the most frequent bad practice that I encounter over and over again is that “Base64 Encoding” is being used to “protect” the password. If I built a system that did that, I too would want to keep it a secret… 😉
(In this case, I think the reluctance to disclose the information aligns more with “cover up” than “system design secret”.)
(aka Not Being Dependent on Cleverness over Knowledge…)
It often seems odd to people that there are no secrets about how modern cryptographic algorithms are designed, operate, and are selected for broad usage. Of course, I think many of these people don’t understand that this is no different from most security controls. Anyone can purchase a high-security lock, and then reverse engineer the lock. Take it apart, put it back together again, take it apart and examine (or replicate) each part, and so on. People’s trust in locks often greatly exceeds the actual “security” provided by the lock, but that has nothing to do with the fact that people have examined them. Most frequently it has more to do with people just purchasing cheap locks.
Kerckhoffs’ Second Benefit: You Can Stand on The Shoulders of Giants
Back to passwords… Let’s say you are writing an application, and you need to store user account passwords. You are in luck – you can examine a broad body of work documenting the failures and redesigns of a number of password systems – and you can emulate what is working today without repeating old mistakes. The same can be said for a great number of security functions.
It often amazes me how often people start with the blank page and reinvent the wheel. Personally, I don’t ever want to re-invent the wheel. If I do that, I will be lucky if I develop the wheel for a Roman ox cart, or bicycle. I would rather take what I can find out about the wheel and take it to the next level (maybe Formula 1 Ferrari Team Wheels…), or be done with that part of the system design quickly and focus on something more challenging.
Kerckhoffs’ Third Benefit: Standards
Any time you are developing a solution to a problem and you can leverage a standards approach you are gaining numerous benefits. First, you are leveraging the “Standing on the Shoulders of Giants” concept by inheriting a body of work that has been tested, reviewed, etc. Second, it is easier to communicate it to others.
In the cryptographic world, there are a number of very helpful standards bodies. These include:
- NIST Computer Security Division
- NSA Suite B
- OASIS
- ANSI and ISO
More soon…
Cheers, Erik
artofinfosec 