Slashdot Mirror


Current Crypto Trends with Bruce Schneier

Saint Aardvark writes "SecurityFocus has published an interview with Bruce Schneier. Fascinating stuff, especially the level-headed assessments of the NSA, spam and the impact of full disclosure: 'Q: Since most crypto protocols on the internet, such as SSL or SSH, uses public-keys to build a secure channel, wouldn't a unexpected public disclosure create a chaos on the internet ? A: No. Chaos is hard to create, even on the Internet. Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.'"

3 of 196 comments

  1. Interesting interview... by nacturation · Score: 5, Insightful

    Is it just me, or does the interview read mostly like "Stop asking me dumb questions"?

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  2. Please stop abusing the English language by lelitsch · Score: 5, Insightful

    I am certainly no grammar Nazi--actually, English is my third language, so I am far from perfect. But for the love of God, could the people at Security Focus please try to do some rudimentary editing and proofreading? I don't mind typos, but some of their questions are so wrong that they are very hard to read and understand.

    "Do you think that NSA is promoting ECC based crypto because they cannot crack RSA/DSA based one?"

    What?

    "Or maybe just because they can crack RSA/DSA they prefer to protect USbusiness with ECC (supposed to be harder to crack)?"

    Huh?

    "What about crypto monopoly? Don't you think that having just a couple of public-key algorithms based on the same math problem could lead to a catastrophe if cracked ?"

    This doesn't follow any European-language grammar.

    But the next question takes the cake:

    "Why is often used a money-rewarded challenge to verify a crypto algorithm?"

  3. Re:He didn't answer the question by Spiked_Three · Score: 5, Insightful

    Not true. I send my credit card through un-encrypted email all the time. People on the receiving end freak out and go into panic. Guess what? Never had a bit of trouble.
    I hate to say it, but most of the people running around crying 'the secure sky is falling' are clueless (vast majority) or are trying to make money from it (Schneier et al.).
    Crypto is part of a total solution. And as is always the case, the weakest link determines the overall strength. You can have the best military encryption on the planet, and if you write your password on a sticky note and tack it to the bottom of your keyboard the encryption doesn't do dick. There are far too many weak points on the internet, for someone who knows what is really going on, to get very excited about encryption.
    How many of the thousands of ID thefts that occurred recently (Bank of America) were originated on a secure (SSL?) link? Answer: probably all of them. See? SSL isn't really all that helpful. It's one of those markets that was created to make money, and the vast majority of the public believe they are buying value.
    While I generally take everything Schneier says with a grain of salt (because I know he says what someone pays him to say), I'd have to agree with him on this one. No panic, no chaos, no big deal.

    --
    slashdot troll = you make a compelling argument I do not like the implications of.