Openness and Kerckhoffs’ principle

December 18, 2007 at 9:47 pm

I don’t know too much about crypto stuff so when I came across Kerckhoffs’ principle, I was intrigued. This 19th century principle states that a (military crypto) system should be secure even if everything about the system, except the key, is public knowledge.

It was reformulated as “the enemy knows the system” by Claude Shannon and contrasts with the security by obscurity approach.

Several people, including Bruce Schneier in a Crypto-Gram Newsletter, have extended the thinking to other systems.

Got me thinking. I think the point is that the strength of a system is inversely proportional to the number of secrets it has to rely on, i.e. a system which relies on several secrets for its security is inherently less secure than one that relies on a small number of secrets (ideally, none except the “key”).

So, a strategy that relies on people’s ignorance is risky.

While this seems intuitive for crypto, I think it can be applied to all sorts of things with interesting results. Authentication systems for one. Proprietary vs. open standards for another. Applying this to government policies makes transparency a better choice.

Come to think of it, in many of my public presentations, I have described the way NZ authentication services are architected and work at a fairly detailed level. The underlying belief was in line with Kerckhoffs’ principle in that they do not rely on obscurity to be secure.


Entry filed under: authentication, fraud, network, NZ, security, strategy.


1 Comment

  • 1. Adair  |  April 8, 2008 at 8:54 pm

    I take your point about ‘inefficiency’. My comment was tongue in cheek, but also with the implication that one person’s efficiency can be someone else’s oppression, e.g. the Nazis’ efficiency (for its time), in processing Jews, etc.

    The concern about the Labour Govt’s/Civil Service’s proposal here in the UK, is that, although it has recently been adapted (again!), to a somewhat more distributed model, it nevertheless continues to concentrate the power in the hands of the Govt. It is effectively a ‘land-grab’ by the state over personal identity and its use.

    It is even more invidious and reprehensible than that because while the Govt. attempts to take over ownership of personal identity it is ‘irresponsible’ ownership. All the responsibility and risk will be borne by the individual. The state will effectively take no responsibility for errors or abuse of the system.

    As you can tell I, and others, feel somewhat passionately about what is being enacted here. Hopefully, behind the scenes, wiser and more morally grounded heads will ultimately prevail. At least there is some growing public and commercial recognition that the whole thing is highly likely to become another first rate British farce—but at what cost if it goes ahead?

    A system where I/we know that our control and use of our personal identity is strongly supported by the resources of the state, but where the state makes no claim to ‘own’ my identity, and actively prevents that, would be far more constructive and help cement a constructive and trust-based relationship between the state and the individual—a symbiosis.

