Slashdot Mirror


Interrogate Crypto Luminary Bruce Schneier

Most people who have any involvement with or interest in cryptography have heard of Bruce Schneier. If you haven't, check his online biography, check the home page for his consulting company, Counterpane Systems, or learn about his seminal book on the subject, Applied Cryptography (assuming you haven't already read it). Our usual interview rules apply: one question per post; moderators select their favorites; editors choose 10 - 15 of the highest-moderated questions and send them to Bruce on Tuesday; Bruce's answers appear on Friday.

8 of 146 comments

  1. Quantum Cryptography by Christopher B. Brown · · Score: 5
    Several announcements have been made lately about ciphers being assortedly vulnerable/invulnerable against Quantum cryptography.

    Quantum physics seems to be the "magical" form of physics, and its application to cryptography even more magical. I don't think I properly understand "quantum cryptography," and I don't think that most of the people that have made public comment on it understand it terribly well either.

    Could you comment on the present state of Quantum cryptography, and its probable relevance in public matters short term (which appears nonexistent), medium term (where the research of today may be in 5-10 years), and longer term?

    --
    If you're not part of the solution, you're part of the precipitate.
  2. Have we already lost? by Tet · · Score: 5

    Scott McNealy claims we've already fought and lost the war for personal privacy. Do you agree with him or not, and why?

    --
    "The invisible and the non-existent look very much alike." -- Delos B. McKown
  3. Can cryptography be controlled by law? by Tet · · Score: 5

    Given that most cryptographic algorithms are well known and understood worldwide, can governments control their use effectively by legal means? Do you think legal restrictions on cryptography are likely to become more or less strict over the coming years?

    --
    "The invisible and the non-existent look very much alike." -- Delos B. McKown
  4. AES by aheitner · · Score: 5

    Bruce --

    As many know, your Twofish algorithm is one of the (many) submissions to become the AES standard. The goal for these algorithms is to be able to implement them extremely cheaply in hardware -- say on a 6800 with 256 bytes of RAM. In other words, cheaply enough to put on a smart card.

    But IBM's team alleges that any algorithm that simple can be fairly easily cracked by doing a power usage analysis on the chip (by watching fluctuations in the electrical contacts with the reader) and that the necessary equipment to protect against power analysis would be equivalent to a much more complex processor -- so much so you might as well just implement a different and more complex (and hopefully power-random) algorithm. Of course IBM suggests their own implementation.

    What do you think? Is there a way to build a simple smart card so that power analysis isn't a problem? Perhaps the whole question will become irrelevant since we'll be carrying around so much processing power in our PDAs that we'll just use them?

  5. Why should we trust the entire world to Twofish? by Thagg · · Score: 5
    I bought your first edition of Applied Cryptography, and you say two things that bother me, with respect to your submission of Twofish as a Federal standard for encryption.

    In the foreword, you describe how you got interested in cryptography, and that you had no background or training in the field, but you thought it was interesting. Also, several times throughout the book you caution people not to trust cryptosystems from amateurs.

    Clearly you have become well versed in the history and application of cryptography; your book makes all other descriptions of the state of the art invisible by comparison. Still, it appears to me that cryptosystem design and analysis requires fairly extreme mathematical proficiency, which I do not believe that you have.

    Now, of course, Twofish is published in detail, and the best people in the world have attempted to crack it (and I think that the competitive process that the US Gov't has promoted is a spectacular way to get the best people to attack each other's ciphers). But, I remain somewhat worried that at the foundations of Twofish...is there something missing that a PhD in mathematics and number theory would have seen?

    The winner of this competition will likely be the next DES, and will provide security for a fairly large percentage of the planet. The stakes are high. I'm sure that you have an answer to this criticism, and I'm eager to hear it.

    thad

    --
    I love Mondays. On a Monday, anything is possible.
  6. Quantum Computing by nano-second · · Score: 5

    What are your thoughts on the recent reports of quantum computing and its effects on encryption?


    --
    I hope you're not pretending to be evil while secretly being good. That would be dishonest.
  7. CA's vs An Open Internet by Neville · · Score: 5
    What's your response to the notion that the web's reliance on centralized Certificate Authorities for secure commerce is ultimately flawed? There are those, like the Meta Certificate Group, who feel that a hierarchical chain of certificates leading back to only a couple of elite organizations won't hold up in the distributed environment of the Internet. The entire framework of e-commerce seems to stand on the private keys of Verisign and Thawte. Do you feel this is a danger, and will there be viable alternatives?

    Thanks again,
    PS Neville

  8. Solitaire (Peer Review Status) by rise · · Score: 5

    As one of the stronger voices behind the proposition that only peer reviewed, open, and thoroughly tested algorithms can be trusted, you've widely disseminated several algorithms, Solitaire and Yarrow among them. What attacks or interesting analyses have surfaced since their release?