|| ||"Eric S. Raymond" <esr-AT-snark.thyrsus.com>|
|| ||If Cisco ignored Kerckhoffs's Law, users will pay the price|
|| ||Mon, 17 May 2004 14:49:13 -0400|
The 15 May 2004 theft and publishing of the source code for Cisco's
IOS router firmware may mean a wave of exploits against the critical
router infrastructure of the Internet may be on its way. If that
happens, it will be because Cisco ignored one of the iron rules of
network security -- and experts the world over will be muttering
"if only IOS had been open source".
The iron rule is Kerckhoffs's Law, which states "A cryptosystem
should be designed to be secure if everything is known about it except
the key information." Now that the source code of IOS is circulating
in the cracker/phreak underground, we're going to find out if IOS followed
that rule. If they didn't, we'll find out the hard way.
What has this got to do with open source? Well -- if IOS had been
open source to begin with, we'd have a firm basis for believing that
it passes the Kerckhoffs test -- open source keeps you honest that way.
As it is, customers' first notice that they didn't is likely to be
chaos and havoc from router compromises.
Claude Shannon, the inventor of information theory, restated Kerckhoff's Law
as: "[Assume] the enemy knows the system." Here's Raymond's Reformulation for
the 21st century: "Any security software design that doesn't assume
the enemy possesses the source code is already untrustworthy;
therefore, *never trust closed source*."
Maybe the theft will be a good enough reason for Cisco customers to
check out open-source alternatives like XORP or FREESCO. And that's
not just a good idea for router firmware either. As the Netsky and
Sasser worms pound on your Windows machines, ask yourself: "Is there a
Millions of Linux users already know the answer is yes.
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
to post comments)