saltzer and schroeder on information protection
this is taken from a paper i'm writing with avi rubin. it's not a sound bite, more like a snack. peter =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Experts dismiss systems that hide cryptographic algorithms or protocols (a.k.a. "security through obscurity"). Kahn [1] cites Kerckhoffs' classic treatise on military security [2]. Saltzer and Schroeder [3] reflect the modern view in describing "open design" as one of the basic principles of information protection: The design should not be secret. The mechanisms should not depend on the ignorance of potential attackers, but rather on the possession of specific, more easily protected, keys or passwords. This decoupling of protection mechanisms from protection keys permits the mechanisms to be examined by many reviewers without concern that the review may itself compromise the safeguards. In addition, any skeptical user may be allowed to convince himself that the system he is about to use is adequate for his purpose. Finally, it is simply not realistic to attempt to maintain secrecy for any system which receives wide distribution. 1. D. Kahn, The Codebreakers, Macmillan Publishing Co., New York (1967). 2. A. Kerckhoffs, La Cryptographie Militaire, Libraire Militaire de L. Baudoin & Cie., Paris (1883). 3. J.H. Saltzer and M.D. Schroeder, "The Protection of Information in Computer Systems," Proc. of the IEEE, Vol. 63(9), pp. 1278-1307 (September, 1975).
participants (1)
-
peter honeyman