Kerckhoffs’ principle

December 30, 2007

Found this through a post by Chad Perrin
Kerckhoff’s principle

The law was one of six design principles laid down by Kerckhoffs for military ciphers. Translated from French, they are:

1. The system must be practically, if not mathematically, indecipherable;
2. It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience;
3. Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents;
4. It must be applicable to telegraphic correspondence;
5. It must be portable, and its usage and function must not require the concourse of several people;
6. Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.

see: Claude Shannon as “the enemy knows the system”.

see: Eric Raymond extends this principle in support of open source software, saying

“Any security software design that doesn’t assume the enemy possesses the source code is already untrustworthy; therefore, *never trust closed source*.

The controversial idea that open-source software is inherently more secure than closed-source is promoted by the concept of security through transparency.