The system must be able to be used by any idiot because eventually one will.
Posted by Jimbo at August 10, 2004 08:38 AMHi Ian,
Just for the record, the only verifiable/reliable on-line reference I found on biographical details on Kerckhoffs is http://en.wikipedia.org/wiki/Auguste_Kerckhoffs.
And his second /condition/ or desidiratum is:
"It is necessary that it [i.e. the secrecy of the system] doesn't require the secret [i.e. the key], and that it can fall in the hand of the enemy without any disadavantage."
Subtly different.
What most cryptographers seems to miss in Kerckhoffs' desidirata is that he requires it to be simple enough to be actually used (no 6). PKI & HCA's a point in place.
gr
Twan
Posted by Twan at August 11, 2004 06:07 AMI think we are all in accordance with Kerckhoffs' 6th principle. An interesting question arises - if one had to sacrifice one of Kerchhoffs principles, how would one go about it?
It occurs to me that one should sacrifice in this order: 1,2,3,4,5,6.
I wonder if he had that in mind?
Posted by Iang at August 11, 2004 06:18 AMTwan I think you are wrong.
With today technology practically anyone can encrypt but the first one to sacrifice is the number 6, that means the system used to encrypt smth could set several instructions (for example a computer program, any kind of application that does the hard work for yourself...) and you are not aware of the interfase that is going on (unless you programmed it ;), you only manage the input and the output. (the 19th century criptography point of view was a less sofisticated and simple approach to the question)