Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Can Bruce Schneier Be Trusted?

Posted by timothy on from the shifty-eyes-and-a-beard dept.

An anonymous reader writes "Security guru Bruce Schneier is, among other things, a world renowned cryptography expert, author of several popular books, and a second-order internet meme. He is also an outspoken critic of the NSA, in particular the massive NSA surveillance programs disclosed over the summer by Edward Snowden. Schneier has been involved in reviewing the leaked documents and has put in effort to determine which cryptosystems should still be considered safe. I'm a big fan of Bruce Schneier, but just to play devil's advocate, let's say, hypothetically, that Schneier is actually in cahoots with the NSA. Who better to reinstate public trust in weakened cryptosystems? As an exercise in security that Schneier himself may find interesting, what methods are available for proving (or at least affirming) that we can trust Bruce Schneier?"

4 of 330 comments (clear)

  1. Logically retarded by Ralph+Spoilsport · · Score: 5, Interesting
    An assumption of bad faith is self defeating. How can we trust YOU???

    Has Schneier given us bad advice? So far, so good it seems.

    Has Schneier been a vocal critic of the NSA? Yes.

    Has Schneier been on this file for a really long time? Yes.

    Do you have any evidence that he's in cahoots with the cryptofascists? No.

    So, all you have is a speculation to tear down the reputation of one of the good guys, a thought experiment, based on no evidence, but one that has real world consequences of spreading fear, uncertainty and doubt regarding someone who is fighting the good fight.

    Therefore, I would humbly suggest that I could and do logically conclude that YOU are a tool of the NSA, not Schneier, and furthermore, I have more evidence than you do: Your suggestion to consider Schneier as less than reliable based on zero evidence.

    --
    Shoes for Industry. Shoes for the Dead.
  2. Re:Trust no one by Moryath · · Score: 5, Interesting

    And now, folks, it's time for "Who do you trust!" Hubba, hubba, hubba! Money, money, money! Who do you trust? Me? I'm giving away free money. And where is the Batman? HE'S AT HOME WASHING HIS TIGHTS!

    So do you trust the Joker, or the Batman?

  3. Linux backdoor of 2003 & Underhanded C Contest by Valdrax · · Score: 4, Interesting

    To make the claim that linux has been never been intentionally weakened in security, you need to know that every single security vulnerability in Linux (to take one example) was due to carelessness, not intended action.

    Certainly - some classes of backdoor are trivially obvious 'if(sourceip==NSA)' - but others can be subtle logic errors.

    You mean like this attempt in 2003?

    Personally, I'm not longer all that impressed by the IOCCC. Don't get me wrong, some of the code submitted there shows utterly insane levels of skill. However, the above is an excellent example of a good submission for the Underhanded C Contest, which is an excellent teaching tool for discovering exploits as well as for learning about subtle bugs that may drive you utterly mad trying to find.

    --
    If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
  4. Bruce Schneier by david_a_eaves · · Score: 5, Interesting

    I am sitting next (or at least across) from Bruce right now. He is definitely interested (and humoured) in this conversation. As he notes, he's written a book on it. I'd say that a conversation about Bruce's trustworthiness is definitely worthwhile. One should have it about everybody. Of course, it means we should also have it about the people who are most interested in trying to attack Bruce's trustworthiness.