Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Kerckhoffs's principle
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Maintaining security === A generalization some make from Kerckhoffs's principle is: "The fewer and simpler the secrets that one must keep to ensure system security, the easier it is to maintain system security." [[Bruce Schneier]] ties it in with a belief that all security systems must be designed to [[graceful exit|fail as gracefully]] as possible: {{quotation|Kerckhoffs's principle applies beyond codes and ciphers to security systems in general: every secret creates a potential [[single point of failure|failure point]]. Secrecy, in other words, is a prime cause of brittleness—and therefore something likely to make a system prone to catastrophic collapse. Conversely, openness provides ductility.<ref name="HomelandInsecurity">{{Citation | author = Mann, Charles C. | date = September 2002 | title = Homeland Insecurity | journal = [[The Atlantic Monthly]] | volume = 290 | issue = 2 | url = https://www.theatlantic.com/issues/2002/09/mann.htm | postscript = . | access-date = 2017-03-08 | archive-date = 2008-07-07 | archive-url = https://web.archive.org/web/20080707082724/http://www.theatlantic.com/issues/2002/09/mann.htm | url-status = live }}</ref>}} Any security system depends crucially on keeping some things secret. However, Kerckhoffs's principle points out that the things kept secret ought to be those least costly to change if inadvertently disclosed.<ref name="cryptocom">{{cite web |last1=Savard |first1=John J. G. |title=A Cryptographic Compendium: The Ideal Cipher |url=http://www.quadibloc.com/crypto/mi0611.htm |website=www.quadibloc.com |access-date=26 November 2022 |date=2003 |archive-date=26 June 2020 |archive-url=https://web.archive.org/web/20200626220139/http://www.quadibloc.com/crypto/mi0611.htm |url-status=live }}</ref> For example, a cryptographic algorithm may be implemented by hardware and software that is widely distributed among users. If security depends on keeping that secret, then disclosure leads to major logistic difficulties in developing, testing, and distributing implementations of a new algorithm – it is "brittle". On the other hand, if keeping the algorithm secret is not important, but only the ''keys'' used with the algorithm must be secret, then disclosure of the keys simply requires the simpler, less costly process of generating and distributing new keys.<ref>{{cite web |title=A Modern Interpretation of Kerckhoff |url=https://www.rambus.com/blogs/a-modern-interpretation-of-kerckhoff/ |website=Rambus |access-date=26 November 2022 |date=21 September 2020 |archive-date=26 November 2022 |archive-url=https://web.archive.org/web/20221126025718/https://www.rambus.com/blogs/a-modern-interpretation-of-kerckhoff/ |url-status=live }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)