Open Source Security and Kerckhoffs's Principle


Introduction
This lecture was given by Dr. David Mirza Ahmad, one of the chief mentors of Subgraph, an open-source security start-up based in Montreal. The talk was built around Kerckhoffs's principle, which states that "the security of any cryptographic system does not rest in its secrecy; it must be able to fall into the enemy's hands without inconvenience" [1]. In other words, a system must remain secure even when everything about it except the key is public. Applied to software, the principle implies that free software, whose source anyone can read, can still have reasonably good security. Cryptographers have understood this for a long time: a cipher that is a black box, whose inner workings cannot be examined, earns no trust.
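The principle is easiest to see in code. The following Python is an added illustration, not part of the lecture, of this essay, or of any Subgraph project. Design A keeps its whole "secret" in the algorithm (a hard-coded pad constructed for this example), so publishing or leaking the source breaks it for good, with no key to rotate. Design B, a teaching stream cipher built from HMAC-SHA256 in counter mode for this example, is entirely public and depends only on a 32-byte key; an attacker holding the source and the ciphertext but not the key learns nothing. All names and the pad value are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# ---- Design A: security through obscurity --------------------------------
# The only "secret" is the transformation itself: a hard-coded pad plus a
# position-dependent shift.  The pad is CONSTRUCTED for this example.
# Whoever reads this file can decrypt every message ever produced with it.
_HIDDEN_PAD = bytes.fromhex("5a17c3e9b0442d7f")


def obscure_encrypt(plaintext: bytes) -> bytes:
    """Byte i becomes ((p_i XOR pad_i) + i) mod 256."""
    return bytes(((b ^ _HIDDEN_PAD[i % len(_HIDDEN_PAD)]) + i) & 0xFF
                 for i, b in enumerate(plaintext))


def obscure_decrypt(ciphertext: bytes) -> bytes:
    """Inverse of obscure_encrypt; needs no key, only the algorithm."""
    return bytes((((c - i) & 0xFF) ^ _HIDDEN_PAD[i % len(_HIDDEN_PAD)])
                 for i, c in enumerate(ciphertext))


def attacker_with_source(ciphertext: bytes) -> bytes:
    """Once the source is published or leaks, the attacker simply runs the
    decryption routine.  There is no key to rotate; the only remedy is to
    rewrite and redeploy the software."""
    return obscure_decrypt(ciphertext)


# ---- Design B: Kerckhoffs-compliant --------------------------------------
# The algorithm is fully public: keystream = HMAC-SHA256(key, nonce || ctr),
# XORed with the plaintext.  Only the 32-byte key is secret; the nonce is
# sent in the clear.  Teaching construction, confidentiality only (no
# integrity); real systems should use an AEAD such as AES-GCM.
NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def keyed_encrypt(key: bytes, plaintext: bytes,
                  nonce: Optional[bytes] = None) -> bytes:
    """Return nonce || ciphertext.  A fresh random nonce is drawn unless one
    is supplied (supply one only for reproducible tests)."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def keyed_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def compare_designs(message: bytes) -> dict:
    """Run both designs against the same message from the viewpoint of an
    attacker who has the complete source code but not the key."""
    key = os.urandom(32)
    wrong_key = os.urandom(32)
    blob = keyed_encrypt(key, message)
    return {
        # Design A: the source alone recovers the plaintext.
        "obscure_broken_by_source":
            attacker_with_source(obscure_encrypt(message)) == message,
        # Design B: source plus a guessed key yields garbage ...
        "keyed_broken_by_source": keyed_decrypt(wrong_key, blob) == message,
        # ... while the legitimate key still works.
        "keyed_works_with_key": keyed_decrypt(key, blob) == message,
    }


if __name__ == "__main__":
    print(compare_designs(b"attack at dawn"))
```

Running the file prints `{'obscure_broken_by_source': True, 'keyed_broken_by_source': False, 'keyed_works_with_key': True}`: opening the source does nothing to design B, which is exactly the property the principle demands and the reason open-source security software is not a contradiction in terms.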
There are many security research communities across the globe, though a lot of them are informal and low-budget. Security researchers are a curious mix of people who attend the same conferences: teenage hackers, students, intelligence agency staff and so on. It is interesting to note what they have in common:
• They are driven by a natural tendency to challenge authority, the claimed strength of ciphers included.
• They are passionate about breaking things.
• They have a good understanding of Kerckhoffs's principle.
• They share information with everyone yet do not trust each other; any tool that is not open source is treated with suspicion.
Bugtraq
Bugtraq was a community originally created by Scott Chasin and hosted by crimelab.com, and it changed the software industry. It is essentially an electronic mailing list fully dedicated to computer security. Its global forum carried discussions of vulnerabilities, exploitation methods and vendor security announcements. [2]
• During its peak, between 2001 and 2005, it had app...

... middle of paper ...

... from the specification
• It is written in pure Java and can be used as a standalone library or as a client.
• It supports Android and hidden services.
• Its seamless integration into Java and other JVM applications makes it popular.
Conclusion
The lecture was an eye-opener on open source security, mainly because the speaker himself was the developer and one of the chief programmers of the security tool Vega. In cryptography, new ciphers are never to be trusted. Kerckhoffs's principle is a prominent one that stands against the idea of security through obscurity. We can see that open source enhances security, but at the same time it is a question of trade-offs, where we have to prioritise our choices.

References
[1] Slides of “Kerchoff’s Legacy: Free Software and Security”
[2] http://en.wikipedia.org/wiki/Bugtraq
[3] http://www.subgraph.com/
