Kerckhoffs' Principle: Difference between revisions
imported>Sandy Harris (New page: Jean-Guillame-Hubert-Victor-Francois-Alexandre-Auguste Kerckhoffs von Niewenhof, whose full name might make a start at a minimally strong polyalphabetic key, was usually known as Auguste K...) |
imported>Sandy Harris No edit summary |
||
Line 11: | Line 11: | ||
{{cquote|If the '''method''' of encipherment becomes known to one's adversary, this should not prevent one from continuing to use the cipher as long as the '''key remains unknown'''}} | {{cquote|If the '''method''' of encipherment becomes known to one's adversary, this should not prevent one from continuing to use the cipher as long as the '''key remains unknown'''}} | ||
That is, the security should depend ''only'' on the secrecy of the key. Any serious enemy — one with strong motives and plentiful resources — ''will'' learn all the other details. In war, the enemy will capture some of your equipment and some of your people, and will use spies. If your method involves software, enemies will do memory dumps, run it under the control of a debugger, and so on. If it is hardware, they will buy or steal some and build whatever programs or gadgets they need to test them. Or in any of these cases, they may bribe, blackmail or threaten your staff to learn your secrets. Pne way or another, sooner or later they ''will'' know exactly how it all works. | |||
==References== | |||
{{reflist|2}} |
Revision as of 23:16, 1 August 2008
Jean-Guillame-Hubert-Victor-Francois-Alexandre-Auguste Kerckhoffs von Niewenhof, whose full name might make a start at a minimally strong polyalphabetic key, was usually known as Auguste Kerckhoffs.[1] In his 1883 book, La Cryptographie Militaire, he stated six axioms of cryptography.[2] Some are no longer relevant given the ability of computers to perform complex encryption, but the second is the most critical, and, perhaps, counterintuitive:
“ | If the method of encipherment becomes known to one's adversary, this should not prevent one from continuing to use the cipher as long as the key remains unknown | ” |
That is, the security should depend only on the secrecy of the key. Any serious enemy — one with strong motives and plentiful resources — will learn all the other details. In war, the enemy will capture some of your equipment and some of your people, and will use spies. If your method involves software, enemies will do memory dumps, run it under the control of a debugger, and so on. If it is hardware, they will buy or steal some and build whatever programs or gadgets they need to test them. Or in any of these cases, they may bribe, blackmail or threaten your staff to learn your secrets. Pne way or another, sooner or later they will know exactly how it all works.
References
- ↑ Kahn, David (second edition, 1996), The Codebreakers: the story of secret writing, Scribners p.235
- ↑ Savard, John J. G., The Ideal Cipher, A Cryptographic Compendium