March 29, 2024

Security by Obscurity

Adam Shostack points to a new paper by Peter Swire, entitled “A Model for When Disclosure Helps Security”. How, Swire asks, can we reconcile the pro-disclosure “no security by obscurity” stance of crypto weenies with the pro-secrecy, “loose lips sink ships” attitude of the military? Surely both communities understand their own problems; yet they come to different conclusions about the value of secrecy.

Swire argues that the answer lies in the differing characteristics of security problems. For example, when an attacker can cheaply probe a system to learn how it works, secrecy doesn’t help much; but when probing is impossible, expensive, or pointless, secrecy makes more sense.

This is a worthwhile discussion, but I think it slightly misses the point of the “no security by obscurity” principle. The point is not to avoid secrecy altogether; that would almost never be feasible. Instead, the point is to be very careful about what kind of secrecy you rely on.

“Security by obscurity” is really just a perjorative term for systems that violate Kerckhoffs’ Principle, which says that you should not rely on keeping an algorithm secret, but should only rely on keeping a numeric key secret. Keys make better secrets than algorithms do, for at least two reasons. First, it’s easy to use different keys in different times and places, thereby localizing the effect of lost secrets; but it’s hard to vary your algorithms. Second, if keys are generated randomly then we can quantify the effort required for an adversary to guess them; but we can’t predict how hard it will be for an adversary to guess which algorithm we’re using.

So cryptographers do believe in keeping secrets, but are very careful about which kinds of secrets they keep. True, the military’s secrets sometimes violate Kerckhoffs’ principle, but this is mainly because there is no alternative. After all, if you have to get a troopship safely across an ocean, you can’t just encrypt the ship under a secret key and beam it across the water. Your only choice is to rely on keeping the algorithm (i.e., the ship’s route) secret.

In the end, I think there’s less difference between the methods of cryptographers and the military than some people would think. Cryptographers have more options, so they can be pickier about which secrets to keep; but the military has to deal with the options it has.