Not to be confused with Kirchhoff's circuit laws. Kirchhoffs circuit laws are a pair of laws that deal with the conservation of charge and energy in electrical circuits, and were first described in 1845 by Gustav Kirchhoff. ...

In cryptography, Kerckhoffs' law (also called Kerckhoffs' assumption, axiom or principle) was stated by Auguste Kerckhoffs in the 19th century: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. It was reformulated (perhaps independently) by Claude Shannon as "the enemy knows the system". In that form it is called Shannon's maxim. It is widely embraced by cryptographers, in opposition to security through obscurity. The Enigma machine, used by Germany in World War II, implemented a complex cipher to protect sensitive communications. ... Auguste Kerckhoffs Dr Auguste Kerckhoffs (19 January 1835 - 1903) was a Flemish linguist and cryptographer who was professor of languages at the School of Higher Commercial Studies in Paris in the late 19th century. ... Alternative meaning: Nineteenth Century (periodical) (18th century — 19th century — 20th century — more centuries) As a means of recording the passage of time, the 19th century was that century which lasted from 1801-1900 in the sense of the Gregorian calendar. ... A cryptosystem (or cryptographic system) is the package of all procedures, protocols, cryptographic algorithms and instructions used for encoding and decoding messages using cryptography. ... A key is a piece of information that controls the operation of a cryptography algorithm. ... Claude Elwood Shannon (April 30, 1916 - February 24, 2001) has been called the father of information theory, and was the founder of practical digital circuit design theory. ... In cryptography, an adversary (rarely opponent, enemy) is a malicious entity whose aim is to prevent the users of the cryptosystem from achieving their goal (primarily privacy, integrity and availability of data). ... In cryptography and computer security, security through obscurity (sometimes security by obscurity) is to some a controversial principle in security engineering, which attempts to use secrecy (of design, implementation, etc. ...

In accordance with Kerckhoffs' law, the majority of civilian cryptography makes use of publicly-known algorithms. By contrast, ciphers used to protect classified government or military information are often kept secret (see Type 1 encryption). In cryptography, a Type 1 product is a device or system certified by the National Security Agency (NSA) for use in cryptographically securing classified U.S. Government information. ...

The law was one of six design principles laid down by Kerckhoffs for military ciphers. Translated from the French, they are: This article is about algorithms for encryption and decryption. ...

1. The system must be practically, if not mathematically, indecipherable;
2. It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience;
3. Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents;
4. It must be applicable to telegraphic correspondence;
5. It must be portable, and its usage and function must not require the concourse of several people;
6. Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.

Bruce Schneier ties it in with a belief that all security systems must be designed to fail as gracefully as possible: Kerckhoffs' principle applies beyond codes and ciphers to security systems in general: every secret creates a potential failure point. Secrecy, in other words, is a prime cause of brittleness—and therefore something likely to make a system prone to catastrophic collapse. Conversely, openness provides ductility. [1] Bruce Schneier Bruce Schneier (born January 15, 1963) is an American cryptographer, computer security specialist, and writer. ...

It is worth expanding on what Schneier means by brittleness: after all, any security system depends crucially on keeping some things secret. What Schneier means is that the things which are kept secret ought to be those which are least costly to change should they be inadvertently disclosed. A cryptographic algorithm may be implemented by hardware and software which is widely distributed among its users; if security depended on keeping that secret, then disclosure would lead to major logistic headaches in developing, testing and distributing implementations of a new algorithm. Whereas if the secrecy of the algorithm were not important, but only that of the keys used with the algorithm, then disclosure of the keys would require the much less arduous process of generating and distributing new keys.

Or in other words, the fewer the things one needs to keep secret in order to ensure the security of the system, the easier it is to maintain that security.

Eric Raymond extends this principle in support of open source software, saying Any security software design that doesn't assume the enemy possesses the source code is already untrustworthy; therefore, *never trust closed source*. [2] The controversial idea that open-source software is inherently more secure than closed-source is promoted by the concept of security through transparency. Eric S. Raymond Eric Steven Raymond (born December 4, 1957), often referred to as ESR, is the author of The Cathedral and the Bazaar and the present maintainer of the Jargon File (also known as The New Hackers Dictionary). Though the Jargon File established his original reputation within hacker... Open source refers to projects that are open to the public and which draw on other projects that are freely available to the general public. ...

References

• Auguste Kerckhoffs, La cryptographie militaire, Journal des sciences militaires, vol. IX, pp. 5–83, Jan. 1883, pp. 161–191, Feb. 1883.

External links

• John Savard article discussing Kerckhoffs' design goals for ciphers
• Reference to Kerckhoffs' original paper, with scanned original text