Monday, October 5, 2009

RSA doesn't know Kerckhoffs

I found this in RSA Security's guide for their Authentication Manager (a.k.a. RSA SecurID) application suite:
"This reference guide is meant only for security administrators and trusted personnel.
Do not make it available to the general user population."
So much for Kerckhoffs's principle from the world's leading cryptography vendor:
"[S]tated by Auguste Kerckhoffs in the 19th century: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge."
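To make the principle concrete, here is an added example (not part of the original post, and not any vendor's real algorithm): two toy schemes attacked by someone who knows the method, which is exactly what Kerckhoffs assumes. Scheme A's only secret is a hard-coded constant; Scheme B is a public construction (HMAC-SHA256 used as a PRF over a nonce and counter) whose only secret is the key. The names `SECRET_CONSTANT`, `obscure_encrypt`, `keyed_encrypt` and the sample messages are all assumptions made up for this illustration.

```python
import hashlib
import hmac
import os

# --- Scheme A: "security through obscurity" -------------------------------
# A fixed transform whose only secret is a constant hard-coded in the program.
# There is no per-deployment key. Constructed for illustration; it is not any
# vendor's real algorithm.
SECRET_CONSTANT = bytes.fromhex("5f3c9a1e7b2d4c80")   # hypothetical constant


def obscure_encrypt(plaintext: bytes) -> bytes:
    n = len(SECRET_CONSTANT)
    return bytes(p ^ SECRET_CONSTANT[i % n] for i, p in enumerate(plaintext))


def obscure_decrypt(ciphertext: bytes) -> bytes:
    return obscure_encrypt(ciphertext)          # XOR is its own inverse


# --- Scheme B: Kerckhoffs-compliant keyed scheme ---------------------------
# A stream cipher whose keystream is HMAC-SHA256(key, nonce || counter).
# Everything about the construction is public; only `key` is secret, and a
# fresh nonce is used per message.
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def keyed_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def keyed_decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    return keyed_encrypt(key, nonce, ciphertext)


# --- The attacker: knows the method (Kerckhoffs's assumption) --------------
def recover_keystream(known_pt: bytes, known_ct: bytes) -> bytes:
    # One known plaintext/ciphertext pair leaks the keystream bytes it covers.
    return bytes(p ^ c for p, c in zip(known_pt, known_ct))


def attack_obscure(known_pt: bytes, known_ct: bytes, target_ct: bytes) -> bytes:
    # With the method known, the attacker knows the keystream repeats with the
    # constant's length, so one pair recovers the constant and with it every
    # message ever protected by Scheme A.
    n = len(SECRET_CONSTANT)
    constant = recover_keystream(known_pt, known_ct)[:n]
    return bytes(c ^ constant[i % n] for i, c in enumerate(target_ct))


def attack_keyed(known_pt: bytes, known_ct: bytes, target_ct: bytes) -> bytes:
    # Same knowledge, same attack: the recovered keystream belongs to one
    # (key, nonce) pair and reveals nothing about the key or about the
    # keystream under a different nonce.
    ks = recover_keystream(known_pt, known_ct)
    return bytes(c ^ k for c, k in zip(target_ct, ks))


def demo():
    # Constructed sample messages (not real data).
    known_pt = b"token seed for alice: 0123456789abcdef"
    target_pt = b"token seed for bob:   fedcba9876543210"

    # Scheme A: one known pair breaks every other message.
    a_broken = attack_obscure(known_pt, obscure_encrypt(known_pt),
                              obscure_encrypt(target_pt)) == target_pt

    # Scheme B: the method is fully public, yet the same attack fails.
    key = os.urandom(32)
    nonce1, nonce2 = os.urandom(16), os.urandom(16)
    b_broken = attack_keyed(known_pt, keyed_encrypt(key, nonce1, known_pt),
                            keyed_encrypt(key, nonce2, target_pt)) == target_pt
    return a_broken, b_broken


if __name__ == "__main__":
    a, b = demo()
    print("obscurity scheme broken:", a)   # True
    print("keyed scheme broken:    ", b)   # False
```

The point of the exercise is that the attacker's knowledge is identical in both cases. Scheme A collapses the moment its code is read (one known plaintext hands over the constant for good), while Scheme B loses nothing from full disclosure: the attacker gets one message's keystream and nothing reusable. That is what "secure even if everything except the key is public" means in practice, and why documentation that must stay secret to keep a product secure is a warning sign.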

2 comments:

Neil Turton said...

I'm not sure why they put that into their guide but I don't think Kerckhoffs's principle applies here. If the manual contains security-sensitive information then they've not done a very good job of keeping it secret. Surely "trusted personnel" here means trusted by RSA's clients, not trusted by RSA.

Another explanation for the statements in the guide is that they don't want to confuse end users by giving them API details. It's reasonable for a document to say that it's not intended to be read by end users, although the wording is perhaps a bit strong for that.

I find Kerckhoff's Principle to be a little too idealist. In general, we never know that a cryptosystem is secure. It's just that there are some cryptosystems that we don't know to be insecure. Given the possibility that the black hats know how to break our cryptosystem but we don't know about it, it may make sense to avoid publishing the details of our cryptosystem. That gives the black hats an extra hurdle to get over at perhaps no cost to us.

The danger, of course, is that it gives a false sense of security, but I think it's a good strategy as a "belt and braces" approach.

Tim MalcomVetter said...

Kerckhoffs's point is to focus on obscuring the keys, not the methods, since it is easier to de-obfuscate methods through reverse engineering than it is keys.

I still think this very much applies to the RSA document, since it documents APIs which are themselves descriptions of the inner workings of their SecurID product. This is hardly an overgrown "boring for end users" disclaimer at the beginning of the document. It's a call to maintain the confidence of the document's contents, which reeks of Kerckhoffs's point.