Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Sunday Security Maxim

June 07, 2015 by Marc Handelman in Security Maxim

Shannon’s (Kerckhoffs’) Maxim: The adversaries know and understand the security hardware and strategies being employed. Comment: This is one of the reasons why open source security (e.g., cryptography) makes sense.

Corollary to Shannon’s Maxim: Thus, “Security by Obscurity”, i.e., security based on keeping long-term secrets, is not a good idea. Comment: Short-term secrets can create useful uncertainty for an adversary, such as temporary passwords and unpredictable schedules for guard rounds. But relying on long-term secrets is not smart.

Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
