Some Key Principles
To secure a system cryptographically, there are some principles you should take as given. We will study them in this lesson.
Fields, Kerckhoffs, and Shannon
It always catches my attention when I see similar advice from multiple traditions. It feels like triangulating in on the truth.
The enemy knows the system
Linguist and cryptographer Auguste Kerckhoffs is best known for a pair of essays written in 1883. The key piece of advice from these essays is known these days as Kerckhoffs’s Law, one translation of which is, “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.”
Electrical engineer and cryptographer Claude Elwood Shannon made fundamental advances to circuit design and information encoding. He played an important role in American cryptography during World War II and worked with Alan Turing. Of particular interest to us is Shannon’s Maxim, “The enemy knows the system.”
It’s not really a surprise that two early pioneers in cryptology would have such similar advice for us. What catches my eye, however, is how well this fits in with a lesson from W.C. Fields, a famous comedian, entertainer, and perhaps security researcher. Fields coined a famous saying that I like to call Fields’s Imperative: “Never give a sucker an even break.” (NGASAEB)
Fields’s Imperative reminds us that when we’re building a system, our design determines what the adversary has to achieve in order to defeat it. If we build a system that relies on the secrecy of the implementation for its security, we’re giving the adversary an even break. Kerckhoffs and Shannon told us that we should expect our adversaries to understand our implementation.
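To make the contrast concrete, here is an added example (not part of the original lesson) that compares a design whose security rests on a hidden transform with one that uses a public algorithm, HMAC-SHA256, and a secret key. The function names, the "secret" transform, and the sample message are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Design A (constructed): security rests on nobody learning the transform.
def obscure_tag(message: bytes) -> bytes:
    """Unkeyed 'secret' transform: reverse the bytes, XOR with 0x5A, hash."""
    scrambled = bytes(b ^ 0x5A for b in reversed(message))
    return hashlib.sha256(scrambled).digest()

def obscure_verify(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(obscure_tag(message), tag)

# Design B: the algorithm is public (HMAC-SHA256); only the key is secret.
def keyed_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def keyed_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(key, message), tag)

def compare_designs(message: bytes) -> dict:
    """Model an adversary who has the full source code but not the server's key."""
    server_key = secrets.token_bytes(32)   # held only by the server
    guessed_key = secrets.token_bytes(32)  # the best the adversary can do
    results = {
        # Knowing the code is all it takes to mint a valid tag in design A.
        "obscure_forgery_accepted": obscure_verify(message, obscure_tag(message)),
        # Knowing the code is not enough in design B.
        "keyed_forgery_accepted": keyed_verify(
            server_key, message, keyed_tag(guessed_key, message)),
        "keyed_genuine_accepted": keyed_verify(
            server_key, message, keyed_tag(server_key, message)),
    }
    # If the key itself leaks, design B recovers by rotating one small secret.
    # Design A has nothing to rotate: the whole scheme must be replaced.
    leaked_key, server_key = server_key, secrets.token_bytes(32)
    results["leaked_key_tag_accepted_after_rotation"] = keyed_verify(
        server_key, message, keyed_tag(leaked_key, message))
    return results

if __name__ == "__main__":
    sample = b"invoice=1042;amount=10.00"  # constructed sample message
    for name, accepted in compare_designs(sample).items():
        print(f"{name}: {accepted}")
```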
Consider how hard you’d have to work to make sure an adversary could never do any of the following:
- Find your backups
- Find your source control
- Find a disgruntled current or former developer
- Threaten or bribe a gruntled current or former developer
- Compromise a single computer that runs your software and then decompile the software
- Watch network traffic
Why bring this up? Because people who roll their own crypto ...