Kerckhoffs' principle

The Kerckhoffs 'principle or Kerckhoffs' maxim is a principle of modern cryptography formulated by Auguste Kerckhoffs in 1883 , which states that the security of a (symmetrical) encryption method is based on the secrecy of the key instead of the secrecy of the encryption algorithm . The Kerckhoffs principle is often called security through obscurity contrasted with: security through the secrecy of the encryption algorithm itself, possibly in addition to the secrecy of the key (s) used.

Historical

Kerckhoff's principle is the second of the six principles for the construction of a secure encryption method that Kerckhoffs introduced in La cryptographie militaire in 1883 :

"Il faut qu'il n'exige pas le secret, et qu'il puisse sans inconvénient tomber entre les mains de l'ennemi. »

"It must not require secrecy and should be able to fall into the hands of the enemy without harm."

- Auguste Kerckhoffs, La cryptographie militaire 1883

The six principles are:

The system must be essentially (...) indecipherable .
The system must not require confidentiality (...).
It has to be easy to transmit and you have to be able to remember the keys without a written record (...).
The system should be compatible with telegraphic communications.
The system must be portable and operation must not require more than one person.
The system must be easy to use (...).

A cipher system that met these requirements did not exist at the time.

Modern cryptography

There are also good reasons for the Kerckhoffs principle in modern cryptography:

It is much more difficult to keep an algorithm secret than a key.
It is more difficult to replace a compromised algorithm with another than a compromised key.
Secret algorithms can be reconstructed from software or hardware implementations by reverse engineering .
Errors in public algorithms are more easily discovered (see peer review ) if as many experts as possible deal with them.
It is easier to hide a back door in "secret" encryption methods .

The consistent application of Kerckhoff's principle means that many experts can form an opinion about a process. This is desirable: the abundance of expert opinions allows the process to be examined more thoroughly for potential weaknesses and security gaps. For example, the AES algorithm was determined in a public tendering process in which many experts submitted and examined proposals for a new, as secure as possible, encryption algorithm. “Open source is not at the expense of security,” says a Security Insider article of the same name.

Experience in cryptology also shows that many procedures kept secret by their developers have proven to be weak after or with their disclosure and have been broken . Examples are the GSM algorithms A5 / 1 and A5 / 2 , cryptographic algorithms of the Mifare Classic and Legic prime access control cards and the magenta encryption method . On the other hand, a secret cryptographic algorithm is not necessarily insecure.

The Kerckhoffs principle is used in most of the encryption algorithms used today, such as DES , AES and RSA .

literature

Auguste Kerckhoffs : La cryptographie militaire. In: Journal des sciences militaires. Vol. 9, pp. 5-38 (Jan. 1883), pp. 161-191 (Feb. 1883).
Bruce Schneier : Applied Cryptography . 2nd edition, Wiley, 1996, ISBN 0-471-11709-9 .
Niels Ferguson, Bruce Schneier: Practical Cryptography . Wiley, 2003, ISBN 0-471-22357-3 , p. 23.

Web links

CrypTool , e-learning, tools and programs on the subject of encryption

Individual evidence

↑ Bruce Schneier: Secrecy, Security, and Obscurity , May 15, 2002
↑ Open source is not at the expense of security. In: Security-Insider.de: IT security, Trojans, firewall, antivirus, network security. Retrieved March 8, 2016 .

[1] Bruce Schneier: Secrecy, Security, and Obscurity , May 15, 2002

[2] Open source is not at the expense of security. In: Security-Insider.de: IT security, Trojans, firewall, antivirus, network security. Retrieved March 8, 2016 .