Kerckhoffs’s Law for Security Engineers

Submitted by Style Pass, 2021-06-05 20:00:08

One of the first lessons in cryptography 101 is Kerckhoffs’s law: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. This often-repeated maxim is usually accompanied by “there is no security with obscurity.”

I always found this framing confusing: it felt inconsistent within itself. “Don’t rely on secrecy except for the secrecy of the key.” What is so special about keys? Why is it OK to rely on the secrecy of keys and not on the secrecy of anything else? And because it is so focused on keys, it’s hard to really take this foundational lesson and apply it in contexts other than cryptographic algorithms.

In Schneier’s framing, the aim here is resilience. Secrecy is a source of brittleness. When something you relied on being secret inevitably leaks, it can be the cause of catastrophic failure. That is, if you rely on your cryptographic algorithm remaining secret, one day it is no longer secret, and suddenly you are in a world of pain.

This provides a framing of Kerckhoffs’s law that I have found very useful: the security of your system should rely only on the secrecy of things you can change easily. Just using open, well-known algorithms for encryption is not enough. You need to be able to change the key easily.
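The point above, that the secret has to be cheap to replace, as an added example (not from the original post): a signer built on the public HMAC-SHA256 algorithm whose only secret is a set of keys tagged with key ids, so a leaked key can be rotated out without touching the algorithm or the token format. The `Keyring` class, its method names, and the sample message are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Keyring:
    """HMAC-SHA256 signer whose only secret is a set of replaceable keys."""

    def __init__(self):
        self._keys = {}     # key id -> secret bytes
        self.active = None  # key id used for new signatures
        self.rotate()

    def rotate(self):
        """Generate a fresh signing key; older keys keep verifying until revoked."""
        kid = secrets.token_hex(4)
        self._keys[kid] = secrets.token_bytes(32)
        self.active = kid
        return kid

    def revoke(self, kid):
        """Drop a key (for example after a leak); its tokens stop verifying."""
        if kid == self.active:
            raise ValueError("rotate before revoking the active key")
        self._keys.pop(kid, None)

    def sign(self, message: bytes) -> str:
        tag = hmac.new(self._keys[self.active], message, hashlib.sha256).hexdigest()
        return f"{self.active}.{tag}"

    def verify(self, message: bytes, token: str) -> bool:
        kid, _, tag = token.partition(".")
        key = self._keys.get(kid)
        if key is None:  # unknown or revoked key id
            return False
        expected = hmac.new(key, message, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected.encode(), tag.encode())


def demo():
    ring = Keyring()
    old_kid = ring.active
    old_token = ring.sign(b"session=alice")  # constructed sample message
    ring.rotate()                            # routine rotation, overlap window
    during_overlap = ring.verify(b"session=alice", old_token)
    ring.revoke(old_kid)                     # old key assumed leaked: cut it off
    after_revoke = ring.verify(b"session=alice", old_token)
    new_ok = ring.verify(b"session=alice", ring.sign(b"session=alice"))
    return during_overlap, after_revoke, new_ok
```

Because each token carries its key id, replacing a key is a data change rather than a code change, which is what keeps a leak from becoming a catastrophic failure.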
