Install: claude install-skill The-Artificer-of-Ciphers-LLC/skills-from-the-artificer
# Kerckhoffs's Principle

> "In cryptography, a system should be secure even if everything about the system, except for a small piece of information — the key — is public knowledge."
> — Auguste Kerckhoffs, 1883

## The core idea

A secure system should remain secure even if your adversary knows everything about how it works — every algorithm, every protocol, every implementation detail. The only secret should be the **key**: a small, replaceable piece of information that is easy to change if compromised.

Equivalently (Claude Shannon's reformulation): "The enemy knows the system." Design accordingly.

## Why this matters

"Security through obscurity" — keeping the algorithm secret — is a fragile and dangerous strategy:

- **Algorithms leak.** Reverse engineering, insider threats, disgruntled employees, code dumps, patents, academic publications — secrets get out.
- **You can't change an algorithm like you can change a key.** If your secret is the algorithm and the algorithm leaks, you have to redesign your entire system. If your secret is a key and the key leaks, you rotate it.
- **Obscurity prevents scrutiny.** When experts can't examine your system, bugs and vulnerabilities go unfound. Open systems attract more eyeballs and become more secure over time (see also: Linus's Law).
- **Attackers don't follow your assumptions.** Designing under the assumption that attackers don't know your system design is almost always wrong by the time you're under attack.
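The two points above (the algorithm is the secret vs. the key is the secret, and keys can be rotated while algorithms cannot) are easiest to see side by side in code. The following is an added example written for this page, not code from the skill or from Kerckhoffs; `obscure_tag` is a constructed, deliberately weak "proprietary" checksum with no key, and `KeyRing` is a hypothetical message-authentication design built on the public HMAC-SHA256 algorithm with versioned keys. It shows that knowing the HMAC algorithm does not let a tag be produced without the key, and that a compromised key is handled by rotating and revoking rather than redesigning.

```python
import hashlib
import hmac
import secrets


def obscure_tag(message: bytes) -> str:
    """Constructed 'proprietary' checksum whose only protection is that nobody knows it.

    There is no key: anyone who obtains this function (a code dump, a decompiled
    binary) can tag arbitrary messages, and the only remedy is a redesign.
    """
    acc = 0x5A
    for b in message:
        acc = (((acc << 1) | (acc >> 7)) & 0xFF) ^ b  # rotate-left by 1, then XOR
    return f"{acc:02x}"


def obscure_verify(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(obscure_tag(message), tag)


class KeyRing:
    """Keyed MAC (HMAC-SHA256, a public algorithm) with versioned, rotatable keys.

    Tags look like 'v<version>:<hex mac>' so the verifier can select the right key,
    which lets new keys be introduced and old ones revoked without redesigning anything.
    """

    def __init__(self) -> None:
        self._keys: dict[int, bytes] = {}
        self.current = 0

    def rotate(self) -> int:
        """Generate a fresh 256-bit key and make it the signing key."""
        self.current += 1
        self._keys[self.current] = secrets.token_bytes(32)
        return self.current

    def revoke(self, version: int) -> None:
        """Drop a key; tags made under it stop verifying immediately."""
        self._keys.pop(version, None)

    def tag(self, message: bytes) -> str:
        mac = hmac.new(self._keys[self.current], message, hashlib.sha256).hexdigest()
        return f"v{self.current}:{mac}"

    def verify(self, message: bytes, tag: str) -> bool:
        version_str, sep, mac = tag.partition(":")
        if sep != ":" or not version_str.startswith("v") or not version_str[1:].isdigit():
            return False  # malformed tag
        key = self._keys.get(int(version_str[1:]))
        if key is None:
            return False  # unknown or revoked key version
        expected = hmac.new(key, message, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, mac)  # constant-time comparison


def demo() -> dict:
    """Walk through both designs; returns the observations as a dict."""
    msg = b"transfer 100 to alice"  # constructed sample message
    forged = b"transfer 100 to mallory"  # constructed tampered message

    # Obscure scheme: whoever holds the leaked code can tag any message they like.
    results = {"obscure_forgery_accepted": obscure_verify(forged, obscure_tag(forged))}

    ring = KeyRing()
    ring.rotate()  # key v1
    t1 = ring.tag(msg)

    # Public algorithm, unknown key: a tag computed with a guessed key fails.
    guessed = "v1:" + hmac.new(b"guess", msg, hashlib.sha256).hexdigest()
    results["v1_verifies"] = ring.verify(msg, t1)
    results["tampered_fails"] = ring.verify(forged, t1)
    results["guessed_key_fails"] = ring.verify(msg, guessed)

    # Key compromise: rotate, keep the old key briefly for in-flight tags, then revoke.
    ring.rotate()  # key v2
    results["old_tag_valid_before_revoke"] = ring.verify(msg, t1)
    ring.revoke(1)
    results["old_tag_invalid_after_revoke"] = ring.verify(msg, t1)
    results["new_tag_verifies"] = ring.verify(msg, ring.tag(msg))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The version prefix on each tag is the design choice that makes "rotate the key" a routine operation: the verifier never needs to guess which key was used, an old key can stay valid for a grace period, and revoking it is a single map deletion. The obscure scheme has no equivalent lever; once `obscure_tag` is public, every tag it ever produced is forgeable and nothing short of replacing the function helps.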
## What this means