Editing Kerckhoffs's principle (section)

==Explanation of the principle==
Kerckhoffs viewed cryptography as a rival to, and a better alternative than, [[steganographic]] encoding, which was common in the nineteenth century for hiding the meaning of military messages. One problem with encoding schemes is that they rely on humanly-held secrets such as "dictionaries" which disclose for example, the secret meaning of words. Steganographic-like dictionaries, once revealed, permanently compromise a corresponding encoding system. Another problem is that the risk of exposure increases as the number of users holding the secrets increases.

Nineteenth century cryptography, in contrast, used simple tables which provided for the transposition of alphanumeric characters, generally given row-column intersections which could be modified by keys which were generally short, numeric, and could be committed to human memory. The system was considered "indecipherable" because tables and keys do not convey meaning by themselves. Secret messages can be compromised only if a matching set of table, key, and message falls into enemy hands in a relevant time frame. Kerckhoffs viewed tactical messages as only having a few hours of relevance. Systems are not necessarily compromised, because their components (i.e. alphanumeric character tables and keys) can be easily changed.

=== Advantage of secret keys ===
Using secure cryptography is supposed to replace the difficult problem of keeping messages secure with a much more manageable one, keeping relatively small keys secure. A system that requires long-term secrecy for something as large and complex as the whole design of a cryptographic system obviously cannot achieve that goal. It only replaces one hard problem with another. However, if a system is secure even when the enemy knows everything except the key, then all that is needed is to manage keeping the keys secret.<ref>{{cite book |last1=Massey |first1=James L. |title=Cryptography: Fundamentals and Applications |date=1993 |page=2.5 |chapter=Course Notes}}</ref>

There are a large number of ways the internal details of a widely used system could be discovered. The most obvious is that someone could bribe, blackmail, or otherwise threaten staff or customers into explaining the system. In war, for example, one side will probably capture some equipment and people from the other side. Each side will also use spies to gather information.

If a method involves software, someone could do [[memory dump]]s or run the software under the control of a debugger in order to understand the method. If hardware is being used, someone could buy or steal some of the hardware and build whatever programs or gadgets needed to test it. Hardware can also be dismantled so that the chip details can be examined under the microscope.

=== Maintaining security ===
A generalization some make from Kerckhoffs's principle is: "The fewer and simpler the secrets that one must keep to ensure system security, the easier it is to maintain system security." [[Bruce Schneier]] ties it in with a belief that all security systems must be designed to [[graceful exit|fail as gracefully]] as possible:
{{quotation|Kerckhoffs's principle applies beyond codes and ciphers to security systems in general: every secret creates a potential [[single point of failure|failure point]]. Secrecy, in other words, is a prime cause of brittleness—and therefore something likely to make a system prone to catastrophic collapse. Conversely, openness provides ductility.<ref name="HomelandInsecurity">{{Citation | author = Mann, Charles C. | date = September 2002 | title = Homeland Insecurity | journal = [[The Atlantic Monthly]] | volume = 290 | issue = 2 | url = https://www.theatlantic.com/issues/2002/09/mann.htm | postscript = . | access-date = 2017-03-08 | archive-date = 2008-07-07 | archive-url = https://web.archive.org/web/20080707082724/http://www.theatlantic.com/issues/2002/09/mann.htm | url-status = live }}</ref>}}

Any security system depends crucially on keeping some things secret. However, Kerckhoffs's principle points out that the things kept secret ought to be those least costly to change if inadvertently disclosed.<ref name="cryptocom">{{cite web |last1=Savard |first1=John J. G. |title=A Cryptographic Compendium: The Ideal Cipher |url=http://www.quadibloc.com/crypto/mi0611.htm |website=www.quadibloc.com |access-date=26 November 2022 |date=2003 |archive-date=26 June 2020 |archive-url=https://web.archive.org/web/20200626220139/http://www.quadibloc.com/crypto/mi0611.htm |url-status=live }}</ref>

For example, a cryptographic algorithm may be implemented by hardware and software that is widely distributed among users. If security depends on keeping that secret, then disclosure leads to major logistic difficulties in developing, testing, and distributing implementations of a new algorithm – it is "brittle". On the other hand, if keeping the algorithm secret is not important, but only the ''keys'' used with the algorithm must be secret, then disclosure of the keys simply requires the simpler, less costly process of generating and distributing new keys.<ref>{{cite web |title=A Modern Interpretation of Kerckhoff |url=https://www.rambus.com/blogs/a-modern-interpretation-of-kerckhoff/ |website=Rambus |access-date=26 November 2022 |date=21 September 2020 |archive-date=26 November 2022 |archive-url=https://web.archive.org/web/20221126025718/https://www.rambus.com/blogs/a-modern-interpretation-of-kerckhoff/ |url-status=live }}</ref>