Slashdot Mirror

← Back to Stories (view on slashdot.org)

Distributed Security

Posted by Hemos on from the lock-down-everything dept.

A reader writes: ""Where Schneier had sought one overarching technical fix, hard experience had taught him the quest was illusory." A long and detailed article at The Atlantic Online on why Bruce Schneier has come down from his strong cryptography tower to preach the gospel of small scale, ductile security against the popular approach of broad scale, often high tech security that often proves to be very brittle."

3 of 110 comments (clear)

  1. Interesting article. by ^MB^ · · Score: 4, Interesting

    Very long, but worth the time to read. I've been a big fan of Schneier since i read his book a few years ago.

    Best Article quote: "Cryptophiles, Schneier among them, had been so enraptured by the possibilities of uncrackable ciphers that they forgot they were living in a world in which people can't program VCRs.

    Perfect timing as I'm gearing up for CRYPTO 2002 at UCSB, YAY!

    -Nick

  2. Re:the most important point of the article by dillon_rinker · · Score: 3, Interesting

    what if they sharpen the edge of a credit card? isn't that more dangerous than a nail clipper?

    Yup. Flint knapping is a not-unheard of hobby. Wonder if I could get a piece of deer antler and some rocks past a security guard. Or a CD - ever break one of those? How about a laptop computer? They're full of sheet metal, and you can make an expedient knife out of sheet metal.

  3. Re:Lessons for Programmers by sphealey · · Score: 3, Interesting
    But this often fails - the threat either goes around the armour, or the incoming shell is bigger than you'd bargained for, and penetrates. Far safer in practice, though not in theory, is the Blob. This has layer after layer of safety features, each of which is easily circumvented in isolation, but every one of which limits the damage.
    Two problems: (1) in an actual organization, people need to get work done, and don't have an infinite amount of time to deal with security systems. This is easily seen at a nuclear power plant where Joe Operator can spend up to 25% of his (paid, presumably productive) workday dealing with security and access control mechanisms (2) organizations don't have an infinite amount of money to spend on IT, either. Consider $250,000 spent on a 5-axis milling machine vs. the same amount spent on IT systems and their associated security requirements. Yes, the 5-axis machine is expensive, fussy, difficult to set up, and requires a lot of training. But once it is in and running, it works, generating a stream of profit for the organization. And while it requires maintenance from time to time, it doesn't suddenly explode, taking the entire customer list with it (say). Which may explain the sudden drop in IT investement in the last 2 years!

    sPh