Slashdot Mirror


Ask Slashdot: Can Bruce Schneier Be Trusted?

An anonymous reader writes "Security guru Bruce Schneier is, among other things, a world-renowned cryptography expert, author of several popular books, and a second-order internet meme. He is also an outspoken critic of the NSA, in particular the massive NSA surveillance programs disclosed over the summer by Edward Snowden. Schneier has been involved in reviewing the leaked documents and has put in effort to determine which cryptosystems should still be considered safe. I'm a big fan of Bruce Schneier, but just to play devil's advocate, let's say, hypothetically, that Schneier is actually in cahoots with the NSA. Who better to reinstate public trust in weakened cryptosystems? As an exercise in security that Schneier himself may find interesting, what methods are available for proving (or at least affirming) that we can trust Bruce Schneier?"

3 of 330 comments

  1. Re:Trust no one by godrik · Score: 5, Informative

    "Even the compiler can be compromised. Ken Thompson showed that."

    Well, double compiling techniques can be used to certify a compiler. (Though it actually assumes that you have access to another safe compiler, which is a little bit complicated, but doable.)

    http://arxiv.org/abs/1004.5534

  2. Re: Learn math by Anonymous Coward · Score: 5, Informative

    "Schneier isn't even a credentialed cryptographer."

    You know he's designed several ciphers, right? Blowfish, Twofish, perhaps you've heard of them? Twofish was an AES finalist. If that doesn't give him credentials, what does?

  3. Re:Diverse Double-Compiling (trust but verify) by dwheeler · Score: 5, Informative

    I've gotten a lot of hits, and that's a good thing. As I noted in another post, I got hit by reddit earlier this year. In general people are becoming more interested in protecting and verifying build environments, as this post about Tor demonstrates.

    So please take a look at my Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) page!

    --
    - David A. Wheeler (see my Secure Programming HOWTO)