Kerckhoffs's principle

One min read - 142 words


A cryptosystem should be secure even if everything about the system, except the key, is public knowledge. This principle of cryptography was formulated by the Dutch born cryptographer Auguste Kerckhoffs in the 19th century.

Keeping a large and complex design of a cryptographic system secret is difficult. Internal details of such a design might be leaked in numerous ways. Bribery or blackmail are just two methods to discover these details. Therefore, long-term secrecy might be jeopardized.

The competition for AES by NIST is a great example in this regards. During the competition the designs were openly analysed. Some designs fell to significant shortcomings or poor performance. In the end, Rijndael was picked from the five finalists.

A contradicting concept is Security through obscurity. The obvious problem is the lack of open discussion to encourage better security.

Additional Resources