Kerckhoffs’ Encryption Principles

Encryption – so as to hide the contents of a message has been in place for thousands of years.  However, as a science, its evolution can be easily tabulated. One of the best instances of formalizing encryption and cryptography is provided by a reading of Kerckhoffs’s principles.  Kerckhoffs was a Dutch cryptographer and in 1883 he wrote an essay on military cryptography. In that he propounded a number of steps to be followed to ensure strong military encryption.

Briefly, these were as under –

  • The system should be unbreakable (at least in practice)
  • The design should be public and its becoming public should not cause trouble for its users (that means that the encrypted data should not be in jeopardy if the design is known)
  • The key should be easy to remember and easily changeable
  • The cryptographic text should be capable of transmission by telegraph
  • The equipment should be man portable and be operated by a single person
  • Should be easy to handle

Of these, most are implementable with today’s technology. It is principle number two that is most interesting. All modern cryptographic systems are built with these in mind. Security by obscurity – by hiding the algorithms required to encrypt data has long been known to promote a weaker algorithm since it is not adequately probed or studied.

Of course there is an exception to this – most military and government cryptographic systems will not publish the algorithms they use. This is to add an added layer of difficulty for a ‘would be’ attacker. As an example, a Type 1 cryptographic product certified by the National Security Agency goes through tests that ensure crypto security, functional safety (the algorithm is OK but is the software OK? Can the software crash or experience a buffer overflow etc), TEMPEST safety, tamper proofing and processes used in manufacture, distribution, use and accounting.

Type 2 – class of equipment is used in telecommunications and automated information systems.

Type 3 - covers products cleared for use with sensitive but unclassified data or on non national security applications. Algorithms like Triple DES fall in this group.

Type 4 - refers to algorithms / products that can be exported. You know what that means!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>