Ask Slashdot: Can Bruce Schneier Be Trusted?
An anonymous reader writes "Security guru Bruce Schneier is, among other things, a world renowned cryptography expert, author of several popular books, and a second-order internet meme. He is also an outspoken critic of the NSA, in particular the massive NSA surveillance programs disclosed over the summer by Edward Snowden. Schneier has been involved in reviewing the leaked documents and has put in effort to determine which cryptosystems should still be considered safe. I'm a big fan of Bruce Schneier, but just to play devil's advocate, let's say, hypothetically, that Schneier is actually in cahoots with the NSA. Who better to reinstate public trust in weakened cryptosystems? As an exercise in security that Schneier himself may find interesting, what methods are available for proving (or at least affirming) that we can trust Bruce Schneier?"
I use two cyphers, just in case. In my case, I found ROT13 and XOR excellent for speed and obfuscation.
Obviously we burn him at the stake. If he burns he was innocent.
... Anonymous Coward. There are some very suspicious posts he makes. And besides, he seems to never sleep.
now we need to go OSS in diesel cars
That's the best way to tell
Let the witch hunt begin!
Just be sure to have enough matches!
Agree/disagree with what he writes/says, but why do you have to trust him? Is he dating your daughter?
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
Why not? I have his SHA256 hash, right here, on this USB stick.
But wait! Am I sure I spelled "Schneierer" correctly?!?
"Flyin' in just a sweet place,
Never been known to fail..."
Well, if you know your comic-book history, you'd know that Batman had a homosexual relationship with Robin and was shown in the comics in bed with him.
If there's anything one learns from applying for a security clearance or worldwide politics in general, it's that nobody trusts homosexuals. I trust the Joker. Not only is he not a homosexual, and therefore trustworthy, but a proven innovator with plenty of experience thinking outside the box. I trust the Joker. Not Batman, as Robin has too much filthy blackmail on him.
-- Ethanol-fueled
I trust Cat Woman, and if she is homosexual that would be so hot.
But from whom do you learn the math? A teacher? A textbook? Unless you derive it all yourself from base axioms, you do have to trust someone at some point.
A proper math education starts from basic axioms. A teacher should merely guide a math student through derivation of that mathematical knowledge which is taught, all from base axioms. In my undergrad, math majors were required to take a course on the axiomatic foundation of math (set theory). The classes that depended on that built the foundations of algebra, analysis, etc. upon those same axioms. The subsequent built upon those results, etc.
One problem with crypto is that we've never seen a hardness result of any of this shit. Until somebody proves P!=NP and builds an NP-complete cryptosystem, I won't trust any of it. The math is inherently untrustable without a proof of trustworthiness. The other problem is in implementation. All the math in the world won't save your data from a shit implementation that leaves you open to side-channel attack, etc.
Society does not break down with a lack of trust, society proceeds, as always, with constant implicit and explicit cost-benefit analysis.
He isn't licensed by the NSA to do crypto work. You wouldn't trust an unlicensed lawyer, or an unlicensed doctor, now would you (well, you might, but not for very long)? Better play it safe and keep your child porn and assassination plots securely in a DES container, potential criminal.
I agree 100%, which is why I wonder why so many attack when I suggest that we should simply discuss whether Naomi Wolf is on to something when she suggests that Snowden may be a plant working still for the NSA. After all it DOES make sense, you can't have a chilling effect if nobody knows to be scared but at the same time there would be too much backlash (not to mention giving groups like the ACLU court standing) if they just came out and said it, so what to do? The answer is simple...disgruntled employee.
This way those that you want to be scared, the ones that read up on such things, your rabble rousers, WILL be scared and the clueless can be told "it's just a disgruntled employee, nothing to see here" and they will go along, finally groups like the ACLU and FSF can't get a court case unless the gov admits they are spying on everyone (because the courts say you have to show you were targeted to have standing) so the disgruntled employee angle neatly sidesteps it. You have to admit, if he is a plant? It's WELL played. I have talked to plenty of folks at the shop and on forums that fear talking out about politicians or the gov for fear of getting a file started while at the same time most of the right wing teabagger types have parroted the disgruntled employee angle, well played.
As for TFA I'm sure if you ask Bruce Schneier he'll tell you the same, that you shouldn't trust him or anybody else. Of course the bitch is everything from SELinux to most of our crypto now needs to be looked at with an aura of mistrust because much of it came from the NSA or won NSA contests so you have to wonder, did they choose it for a nefarious reason? Like they know how to break it? And after reading up on the Kickstarter I'm fully convinced Truecrypt is worthless thanks to the extra blob it has on Windows that nobody knows WTF it does and the fact it won't compile from source and work.
What we need now is a handful of guys like Schneier to come together and give us some basic crypto tools that can be independently compiled, tested, and retested to ensure that it works. But if I were forced to choose between something that has been handled or approved by the NSA, something like Truecrypt where we now know that the source and binary do NOT match and there are hidden extra bits on Windows, or something approved of by Schneier or worked on by him like twofish? I think I'd choose Schneier.
BTW does anybody know of a tool that does full disc encryption on Windows like Truecrypt that ISN'T a big question mark when it comes to security?
ACs don't waste your time replying, your posts are never seen by me.