
Ask Slashdot: Can Bruce Schneier Be Trusted?

timothy posted 1 year,18 hours | from the shifty-eyes-and-a-beard dept.

Encryption 330

An anonymous reader writes "Security guru Bruce Schneier is, among other things, a world renowned cryptography expert, author of several popular books, and a second-order internet meme. He is also an outspoken critic of the NSA, in particular the massive NSA surveillance programs disclosed over the summer by Edward Snowden. Schneier has been involved in reviewing the leaked documents and has put in effort to determine which cryptosystems should still be considered safe. I'm a big fan of Bruce Schneier, but just to play devil's advocate, let's say, hypothetically, that Schneier is actually in cahoots with the NSA. Who better to reinstate public trust in weakened cryptosystems? As an exercise in security that Schneier himself may find interesting, what methods are available for proving (or at least affirming) that we can trust Bruce Schneier?"


Trust no one (5, Insightful)

Bodhammer (559311) | 1 year,18 hours | (#45201293)

Seriously... Especially the Govt. (and clowns - clowns scare me...)

Re:Trust no one (5, Insightful)

khasim (1285) | 1 year,18 hours | (#45201551)

You have to trust someone, somewhere along the line.

Even the compiler can be compromised. Ken Thompson showed that.

Where I think "anonymous coward" is wrong is that he's implying that Bruce Schneier would NEED to be compromised by the NSA. He wouldn't.

There are two aspects to "crypto".
1. The math.
2. The implementation.

Bruce can validate that the math seems to be correct (or he can be compromised into saying that it seems to be correct) but it is the implementation that gets used.

So even if Bruce actually believed that the math was correct, the NSA could compromise the people/organisation/company that turned that math into a product that you would use.

And it is much easier to claim that a flawed implementation was an innocent mistake than to compromise EVERYONE who can understand the math behind it.

Re:Trust no one (5, Informative)

godrik (1287354) | 1 year,17 hours | (#45201819)

"Even the compiler can be compromised. Ken Thompson showed that."

Well, double compiling techniques can be used to certify a compiler. (Though it actually assumes that you have access to another safe compiler, which is a little bit complicated, but doable)

http://arxiv.org/abs/1004.5534 [arxiv.org]

Re:Trust no one (4, Insightful)

ShanghaiBill (739463) | 1 year,17 hours | (#45201841)

the NSA could compromise the people/organisation/company that turned that math into a product that you would use.

An obvious solution to this would be two (or more) independent implementations. The implementations wouldn't even need to be done by trustworthy entities, just entities unlikely to cooperate. If the NSA does one implementation, China does another, Russia does a third, and they all produce identical output, then that would be good enough for me.
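
The cross-check described in the comment above, as an added example that is not code from the thread: a from-scratch SHA-256 that derives its constants from their definition is compared with Python's `hashlib` on constructed inputs around the padding boundaries. The function names and the deliberately faulty variant are assumptions for illustration; agreement between implementations says nothing about side channels or random number generation.

```python
import hashlib
import math

MASK = 0xFFFFFFFF


def _primes(n):
    """First n primes by trial division (n is small here)."""
    found, cand = [], 2
    while len(found) < n:
        if all(cand % p for p in found):
            found.append(cand)
        cand += 1
    return found


def _icbrt(n):
    """Integer cube root, floor(n ** (1/3)), by binary search."""
    lo, hi = 0, 1 << ((n.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


# Constants derived from their definition instead of copied from a table:
# first 32 fractional bits of the square / cube roots of the first primes.
H0 = [math.isqrt(p << 64) & MASK for p in _primes(8)]
K = [_icbrt(p << 96) & MASK for p in _primes(64)]


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def sha256_pure(msg: bytes) -> bytes:
    """Independent implementation under test."""
    h = list(H0)
    pad = b"\x80" + b"\x00" * ((55 - len(msg)) % 64)
    padded = msg + pad + (len(msg) * 8).to_bytes(8, "big")
    for off in range(0, len(padded), 64):
        w = [int.from_bytes(padded[off + 4 * i: off + 4 * i + 4], "big")
             for i in range(16)]
        for i in range(16, 64):
            s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
            s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
            w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
        a, b, c, d, e, f, g, hh = h
        for i in range(64):
            big_s1 = _rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)
            ch = (e & f) ^ (~e & MASK & g)
            t1 = (hh + big_s1 + ch + K[i] + w[i]) & MASK
            big_s0 = _rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)
            maj = (a & b) ^ (a & c) ^ (b & c)
            t2 = (big_s0 + maj) & MASK
            a, b, c, d, e, f, g, hh = ((t1 + t2) & MASK, a, b, c,
                                       (d + t1) & MASK, e, f, g)
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e, f, g, hh))]
    return b"".join(x.to_bytes(4, "big") for x in h)


def sha256_reference(msg: bytes) -> bytes:
    """Second implementation, written by someone else (OpenSSL via hashlib)."""
    return hashlib.sha256(msg).digest()


def sha256_faulty(msg: bytes) -> bytes:
    """Constructed fault: silently ignores everything after the first block."""
    return sha256_pure(msg[:64])


def sample_inputs():
    """Constructed inputs, lengths 0..130, covering the 55/56/64 byte edges."""
    return [bytes((i * 7 + 3) % 256 for i in range(n)) for n in range(131)]


def disagreements(impl_a, impl_b):
    """Input lengths on which the two implementations produce different output."""
    return [len(m) for m in sample_inputs() if impl_a(m) != impl_b(m)]


if __name__ == "__main__":
    print("pure vs hashlib  :", disagreements(sha256_pure, sha256_reference))
    print("faulty vs hashlib:", disagreements(sha256_faulty, sha256_reference))
```
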

Re:Trust no one (5, Interesting)

Moryath (553296) | 1 year,18 hours | (#45201603)

And now, folks, it's time for "Who do you trust!" Hubba, hubba, hubba! Money, money, money! Who do you trust? Me? I'm giving away free money. And where is the Batman? HE'S AT HOME WASHING HIS TIGHTS!

So do you trust the Joker, or the Batman?

Re:Trust no one (-1)

Anonymous Coward | 1 year,17 hours | (#45201775)

Well, if you know your comic-book history, you'd know that Batman had a homosexual relationship with Robin and was shown in the comics in bed [comicvine.com] with him.

If there's anything one learns from applying for a security clearance or worldwide politics in general, it's that nobody trusts homosexuals. I trust the Joker. Not only is he not a homosexual, and therefore trustworthy, but a proven innovator with plenty of experience thinking outside the box. I trust the Joker. Not Batman, as Robin has too much filthy blackmail on him.

-- Ethanol-fueled

Re:Trust no one (0)

Anonymous Coward | 1 year,18 hours | (#45201605)

and keep your blaster handy.

Re:Trust no one (0)

Anonymous Coward | 1 year,18 hours | (#45201615)

Don't trust these guys [youtube.com] either.

Re:Trust no one (2, Insightful)

optikos (1187213) | 1 year,18 hours | (#45201663)

Applying the mantra of open source to the underlying mathematics: Learn the mathematics of cryptography yourself to find the bugs within the mathematics. Don't place your trust in any person other than yourself. Especially don't worship some brand-name as a god who, as diviner-intercessor, is your sole information-provider on the subject.

In God We Trust (1)

Anonymous Coward | 1 year,17 hours | (#45201743)

. . .all others we track.

Trust no one (1)

Anonymous Coward | 1 year,18 hours | (#45201299)

It's turtles all the way down.

Just double the encryption (5, Funny)

bhlowe (1803290) | 1 year,18 hours | (#45201307)

I use two cyphers, just in case. In my case, I found ROT13 and XOR excellent for speed and obfuscation.

Re:Just double the encryption (3, Informative)

Gibgezr (2025238) | 1 year,18 hours | (#45201457)

This is why we need a "+2 insightful AND funny" category, dammit.

Re:Just double the encryption (1, Interesting)

i kan reed (749298) | 1 year,18 hours | (#45201507)

But more seriously, if you develop your own crypto system, and only share it with the people who are decoding it, it turns out to be rather hard to break. Applying a substitution cipher followed by a matrix encryption, then stick that into any old commercial encryption, no one is going to have an easy time with it.

Re:Just double the encryption (0)

Anonymous Coward | 1 year,17 hours | (#45201711)

Is that you, COINTEL pro? That's some baller advice.

Re:Just double the encryption (2, Insightful)

Anonymous Coward | 1 year,17 hours | (#45201737)

If you develop your own crypto system and never share it with adverse parties that really want to show you up publicly - then

A.) Your system isn't secure
B.) You will have a false faith in the security of your system.

If you don't already understand this, that's fine, but it means you shouldn't be giving out advice about crypto systems, as either you haven't actually done any research into the history of crypto OR you want to mislead people.

Re:Just double the encryption (2)

i kan reed (749298) | 1 year,17 hours | (#45201837)

Blah blah blah, of course I understand cryptosystems. But the fact of the matter is, you shouldn't inherently trust that the system itself is secure. If party C can't figure out how a message was encoded, they can't exploit gaps in that encoding to extract your message. There's no ifs ands or buts about that.

The fact is that people with the will and money to crack RSA can, given just a public key and a ciphertext. You can talk about the theory of interception all day, but the practice is all that matters.

One-time pad (1)

PeterM from Berkeley (15510) | 1 year,18 hours | (#45201611)

Well, if you XOR with a good random one-time pad, I don't think that anyone can break your encryption ever, not even with a quantum computer.

The ROT13 is just unnecessary fluff.

--PM

Re:Just double the encryption (2)

Shienarier (185368) | 1 year,18 hours | (#45201657)

I use 2ROT13.

Re:Just double the encryption (2)

Empiric (675968) | 1 year,18 hours | (#45201681)

Chained-XOR (say, XOR-ing with the key byte sequence -and- the preceding file bytes in the last XOR-ing round, with an arbitrary key length) is actually quite secure.

IIRC, it is one of the techniques that automatically qualified an algorithm as an unexportable "munition".

Re:Just double the encryption (2)

TheCarp (96830) | 1 year,17 hours | (#45201823)

What's funny about that is, I am pretty sure I suggested XOR in CBC mode to someone recently as a joke. Didn't even realize I was suggesting they use unexportable munitions :)

One time I brought this chick to my pad (-1)

Anonymous Coward | 1 year,17 hours | (#45201825)

. . .and quickly discovered that no one can decipher women.

Learn math (0)

Anonymous Coward | 1 year,18 hours | (#45201309)

Bruce Schneier is hardly the only cryptologist in the world.

Fucking fanboys.. Christ.

witch (5, Funny)

stormpunk (515019) | 1 year,18 hours | (#45201313)

Obviously we burn him at the stake. If he burns he was innocent.

Re:witch (1)

Anonymous Coward | 1 year,18 hours | (#45201389)

no drown, gah didn't you read the Salem witch trials, drowning proves innocent.

Re:witch (1)

Anonymous Coward | 1 year,18 hours | (#45201511)

Don't be such an idiot, we have much better modern methods that don't render the subject completely useless. You can start with some simple waterboarding and move up from there.

Re:witch (1)

Gareth Iwan Fairclough (2831535) | 1 year,18 hours | (#45201529)

I thought it was "crushing with huge boulders" that proved innocence?

Re:witch (0)

Anonymous Coward | 1 year,17 hours | (#45201797)

We will confirm his innocence by putting him at the bottom of a pool of burning oil with a boulder to keep him down.

Re:witch (1)

smash (1351) | 1 year,18 hours | (#45201437)

Bahaha...

Re:witch (1)

Anonymous Coward | 1 year,18 hours | (#45201563)

What's wrong with you? We still have trials here!

You first have to see if he weighs the same as a duck.

Re:witch (4, Funny)

Dracos (107777) | 1 year,18 hours | (#45201627)

I am absolutely certain that Bruce Schneier weighs the same as a duck.

Re:witch (1)

brianerst (549609) | 1 year,17 hours | (#45201715)

As long as they're both in salt water...

Easy (5, Insightful)

TubeSteak (669689) | 1 year,18 hours | (#45201323)

and has put in effort to determine which cryptosystems should still be considered safe.

Have someone(s) double check his work.
We should be doing that anyway, even for someone who is 100% trusted.

Re:Easy (1)

Talderas (1212466) | 1 year,18 hours | (#45201455)

If they're 100% trusted we should then have it notarized that they wrote every document that their name is attached to.

Re:Easy (0)

Anonymous Coward | 1 year,18 hours | (#45201547)

Have someone(s) double check his work.
We should be doing that anyway, even for someone who is 100% trusted.

That is precisely how that works. People make mistakes, etc. Just look at the slew of OSS libraries that were vulnerable to padding oracle attacks. Heck, even the first SSL standard had it built in, and the most likely cause is that people do not understand encryption.

Learn some crypto. Learn what semantic security and related terms mean. Then you'll find out that the problems are not necessarily in the algorithms, but the implementations that allow side-channel attacks.

Side channel and broken RNG/PRNG are how you most likely will break crypto implementations, not attacking the algorithm.

Re:Easy (1)

bluefoxlucid (723572) | 1 year,17 hours | (#45201719)

He's Bruce Schneier. Bruce Schneier will flex his pecs and encrypt your brain.

Re:Easy (2)

JigJag (2046772) | 1 year,17 hours | (#45201783)

and who do you trust to double check his work?

I will never trust ... (4, Funny)

Skapare (16644) | 1 year,18 hours | (#45201331)

... Anonymous Coward. There are some very suspicious posts he makes. And besides, he seems to never sleep.

Re:I will never trust ... (1)

Anonymous Coward | 1 year,18 hours | (#45201549)

I sleep when I blink.

Re:I will never trust ... (0)

Anonymous Coward | 1 year,18 hours | (#45201645)

And I don't blink because of the angels.

Re:I will never trust ... (0)

Anonymous Coward | 1 year,18 hours | (#45201561)

That's funny, I always thought users never wake up.

IMO we should never rely on trust, even with friends. We should 'depend on' each other, 'depending on each other'. Otherwise it's a business transaction. In (today's) business transactions, no one is to be trusted. Each side should see the other as trying to get as much out of the situation as they possibly can.

So no, unless you personally know this guy Bruce Schneier, then you cannot trust him. He may as well be an actor trying to make money. But so what? Who the hell cares if the community trusts him, or anyone else that's in some position of authority like him? It's not about trust. It's about those people depending on us depending on them, and vice versa. To me, I am not depending on him, and he's not depending on me. I couldn't care less.

Re:I will never trust ... (0)

Anonymous Coward | 1 year,18 hours | (#45201641)

You may be on to something. I am pretty sure that I have multiple personality syndrome. I keep seeing posts that *I* did not make but by gosh! There's my name. I stay tired too so you are probably correct on the insomnia.

- Tyler D.

Re:I will never trust ... (0)

Anonymous Coward | 1 year,17 hours | (#45201697)

Yeah, Sleep deprivation makes me post stupid things sometimes.

-- AC

Re:I will never trust ... (0)

Anonymous Coward | 1 year,17 hours | (#45201731)

... Anonymous Coward. There are some very suspicious posts he makes. And besides, he seems to never sleep.

Yea, he's kind of a jerk.

He's pretty up front about... (1, Troll)

Assmasher (456699) | 1 year,18 hours | (#45201343)

...not trusting and simply relying upon his evaluations and pointing out that you need to think for yourself.

Not a very positive trait for the NSA irrespective of their goals.

Re:He's pretty up front about... (0)

Anonymous Coward | 1 year,17 hours | (#45201699)

Between these two, who do you choose to use without checking the work:

Alice who says "I am so confident that I can survive scrutiny that I'm going to suggest you check my work"

or

Bob who says "I am right, don't bother to check my work because you are too stupid to even understand my methods."

Now, if I'm Dastardly Dan The Propaganda Man - who do you think I'm going to hire/coerce to vet my Evil Machinations (R) so that The Sheeple will side with me?

You can't (0)

Anonymous Coward | 1 year,18 hours | (#45201351)

And by the way, you're in a virtual reality machine. Everything you know is false.

Good luck!

It's fairly easy. (1)

Anonymous Coward | 1 year,18 hours | (#45201355)

It's fairly easy.
You can simply walk through http://www.schneierfacts.com/

Given his general sense and intelligence (1)

Anonymous Coward | 1 year,18 hours | (#45201357)

He generally gives intelligent logical arguments towards any given subject and if something he said or did was believed to be wrong, the math and crypto communities would be free to point out any mistakes or errors in his words or algorithms and make their points publicly. So far, people seem to generally agree with everything he says and I guess so do I for the most part. That's just my opinion on him so far.

I don't know (1)

Anonymous Coward | 1 year,18 hours | (#45201369)

Can I even trust myself? I mean, how can I even conclusively prove that I'm not being used by the NSA to hide secrets from myself?

You can't (0)

Anonymous Coward | 1 year,18 hours | (#45201377)

He never wears a tinfoil hat, suggesting that this is a safe practice. But we all know it isn't

Trust him to do what? (5, Insightful)

Hypotensive (2836435) | 1 year,18 hours | (#45201403)

If you're talking about absolute trust, i.e. "I trust him" = "I trust him to do anything", you should probably have your head examined.

Phrase your questions better and you will get more useful answers.

Oh please (3, Informative)

weav (158099) | 1 year,18 hours | (#45201405)

If we can't trust old Bruce, we're all screwed. Though possibly we are anyway. But if he's an asset, he's pretty well disguised.

Re:Oh please (2, Insightful)

Anonymous Coward | 1 year,18 hours | (#45201583)

Dude, Bruce Schneier doesn't even trust his own private keys. That should be a lesson to us all.

I'll trust Schneier ... (3, Insightful)

PPH (736903) | 1 year,18 hours | (#45201407)

... to point out the systems that should not be trusted. IMO, there is nobody I'll trust to tell me that a system is safe. Only time and repeated inspections will get something close to a state of trust.

Re:I'll trust Schneier ... (0)

Anonymous Coward | 1 year,18 hours | (#45201479)

He could be an adversary that's trying to bankrupt you by sowing doubt about your secure systems. If you can make your opponent spend themselves silly on paranoia, you win. Basically how the US won the cold war.

Re:I'll trust Schneier ... (2, Insightful)

Anonymous Coward | 1 year,18 hours | (#45201597)

And how Al Qaeda won the war on terror.

Re:I'll trust Schneier ... (1)

PPH (736903) | 1 year,17 hours | (#45201689)

Not really. Because after the first few false claims, I would no longer trust him. Or anyone else playing that game for that matter.

Tinfoil hats over here! (1)

onyxruby (118189) | 1 year,18 hours | (#45201409)

I've got exactly what you need [urbandictionary.com]! Tinfoil hats are cheap [amazon.co.uk]. They are easy to make too; it takes less than two [youtube.com] minutes. Don't believe the MIT study [theatlantic.com] that debunks the time-honored tinfoil hat, it's a government conspiracy you know!

Don't worry, there are support groups [meetup.com] for conspiracy theorists! Now I know like any number of other conspiracy theories those pesky facts might get in the way [popularmechanics.com]. However, learn from Joseph Goebbels [psywarrior.com] and don't ever let logic, facts or reality get in your way. I know you look like a raving lunatic to any rational person, but not to worry, someone even crazier will soon show up to defend you, so cheer up!

When all hats are tinfoil (1)

mdsolar (1045926) | 1 year,17 hours | (#45201817)

No one will be nuts.

Funny (0)

Anonymous Coward | 1 year,18 hours | (#45201423)

I can see that Schneier is trusted as a religious entity. There you need no proofs. God cannot be proven or disproven. Sorry.

Never trust a man... (0)

Anonymous Coward | 1 year,18 hours | (#45201433)

.. that is a full 2 feet shorter than the average American male.

I keed! I keed!

I trust Schneier more than DICE.COM (-1)

Anonymous Coward | 1 year,18 hours | (#45201447)

Fuck you DICE.

Here you are an answer, which you might not like (5, Insightful)

trifish (826353) | 1 year,18 hours | (#45201449)

Problem: Paranoia
Solution: None

Re:Here you are an answer, which you might not lik (1)

i kan reed (749298) | 1 year,18 hours | (#45201609)

Well, you can always just trust the computer. The computer is your friend.

Re:Here you are an answer, which you might not lik (0)

Anonymous Coward | 1 year,18 hours | (#45201643)

problem: surveillance.
solution: paranoia.

Re:Here you are an answer, which you might not lik (0)

Anonymous Coward | 1 year,17 hours | (#45201781)

You are not paranoid, if they really do want to get you. So, all you got to do to cure your paranoia, is give them a reason to come after you.

seriously? because SCIENCE! (5, Insightful)

new death barbie (240326) | 1 year,18 hours | (#45201451)

Bruce Schneier may be the front-line spokesperson for the security community, but that should be completely separate from his body of work in cryptography. At the bottom line, he's doing mathematics, and mathematical proofs can be reproduced and confirmed -- or debated and disproven -- by anyone else in any country with sufficient background to understand them.

He is not some guru spouting unprovable wisdom from a mountaintop, he is a member of a scientific community, and if he is able to earn and keep the respect of that community, then that's a pretty good indication that he knows what he's talking about.

Re:seriously? because SCIENCE! (0)

Anonymous Coward | 1 year,17 hours | (#45201695)

Bruce Schneier may be the front-line spokesperson for the security community, but that should be completely separate from his body of work in cryptography. At the bottom line, he's doing mathematics, and mathematical proofs can be reproduced and confirmed -- or debated and disproven -- by anyone else in any country with sufficient background to understand them.

He is not some guru spouting unprovable wisdom from a mountaintop, he is a member of a scientific community, and if he is able to earn and keep the respect of that community, then that's a pretty good indication that he knows what he's talking about.

The same argument applies to any organization, doesn't it?

Re:seriously? because SCIENCE! (0)

Anonymous Coward | 1 year,17 hours | (#45201717)

", and mathematical proofs can be reproduced and confirmed -- or debated and disproven -- by anyone else in any country with sufficient background to understand them."

Wrong, because the NSA seeds misinformation into textbooks and universities! If your background is based on disinformation taught to you in schools, then you are in trouble...

See if you can build a bridge out of him (3, Funny)

Boawk (525582) | 1 year,18 hours | (#45201483)

That's the best way to tell

There is no such thing as trust (0)

Anonymous Coward | 1 year,18 hours | (#45201487)

For a long time, it's been known. There is _no such thing as trust_.

Either you invent the Universe from scratch, at which point you can trust the things you create as your own god; or you _inherently_ can not trust anything in your environment ever.

http://cm.bell-labs.com/who/ken/trust.html

SubjectsInCommentsAreStupid (1, Funny)

lesincompetent (2836253) | 1 year,18 hours | (#45201489)

Let the whitch hunt begin!
Just be sure to have enough matches!

Re:SubjectsInCommentsAreStupid (4, Funny)

Experiment 626 (698257) | 1 year,17 hours | (#45201803)

Let the whitch hunt begin!

Whitch hunt would that be?

Logically retarded (5, Interesting)

Ralph Spoilsport (673134) | 1 year,18 hours | (#45201515)

An assumption of bad faith is self defeating. How can we trust YOU???

Has Schneier given us bad advice? So far, so good it seems.

Has Schneier been a vocal critic of the NSA? Yes.

Has Schneier been on this file for a really long time? Yes.

Do you have any evidence that he's in cahoots with the cryptofascists? No.

So, all you have is a speculation to tear down the reputation of one of the good guys, a thought experiment, based on no evidence, but one that has real world consequences of spreading fear, uncertainty and doubt regarding someone who is fighting the good fight.

Therefore, I would humbly suggest that I could and do logically conclude that YOU are a tool of the NSA, not Schneier, and furthermore, I have more evidence than you do: Your suggestion to consider Schneier as less than reliable based on zero evidence.

Yes. (0)

Anonymous Coward | 1 year,18 hours | (#45201519)

Even when Bruce Schneier lies, he can roundhouse kick reality into changing to suit his statements.

I don't get the meme (0)

Anonymous Coward | 1 year,18 hours | (#45201521)

He looks like Chuck Norris.

Trust no one (4, Insightful)

Dunbal (464142) | 1 year,18 hours | (#45201535)

Seriously. The mere act of trusting someone will eventually lead to that person betraying said trust. Trusting someone puts them in a position of power, and power corrupts. You can't trust anyone.

Re:Trust no one (2)

Cro Magnon (467622) | 1 year,17 hours | (#45201691)

Seriously. The mere act of trusting someone will eventually lead to that person betraying said trust. Trusting someone puts them in a position of power, and power corrupts. You can't trust anyone.

That's a very good statement. I trust you completely.

Once you start mistrusting... (0)

Anonymous Coward | 1 year,18 hours | (#45201537)

"How do you know who your daddy is? Because your mamma told you so."

--JFK

Learn to Judge by yourself / don't just trust (2)

burni2 (1643061) | 1 year,18 hours | (#45201545)

Hi,

Read his papers and check the hints within; it's even possible for non-crypt-math geeks to get a background understanding, because there are many more out there. Work out differences in their argumentation; don't just think that because there is a citation it can be trusted; check what's behind a citation.

Wikipedia is the best entry point for you.

Check argumentation on a logical level, and question the argumentation, especially if it fits the known problems till now; when it remains true, you have a good chance that it's really true.

Trust cannot be proved (1)

aaaaaaargh! (1150173) | 1 year,18 hours | (#45201557)

It's a subjective measure, based on long experience with someone and someone's writings. It's much easier to assess trust from personal contacts, but even then you can get thoroughly disappointed - just think of some types of failed marriages as an example.

The question is why would you personally have to trust Bruce Schneier? I don't have to, in order to enjoy his books and blog posts and make up my own mind. Has he recently asked you to hand over the master password for your computer?

Regarding business with his company, overall reputation and a realistic assessment of threat scenarios is more important than personal trust. If you believe the NSA is your main adversary and you contemplate whether you should put all of your trust into Bruce Schneier as your sole savior, you might want to revise your "requirements".

He's just a bot... (0)

Anonymous Coward | 1 year,18 hours | (#45201571)

Bradley Manning, Ed Snowden, and Bruce Schneier are just bots that are engaged in misdirection to keep people from seeing the *real* backdoors in computing systems. The government TLAs have many ways of getting into our systems. If they can keep us working on the least effective backdoors, then we miss the real threats.

Or not.

...and it's come to this, hasn't it? (4, Insightful)

StandardCell (589682) | 1 year,18 hours | (#45201573)

I guess people's paranoia with the NSA revelations have been difficult to swallow. Now everyone is slowly becoming suspicious of everyone else.

Anything is possible I suppose. To me, it was no surprise really. I do have to say that, having worked with individuals in the security community, the primary focus really is the safety of our way of life at the hands of those who would subvert it.

The problem comes when those of less character use the government apparatus for control, political or other purposes. It's the same reason police and military need to be kept separate - one enforces the rule of law, and one protects against enemies. When those lines are blurred, history has demonstrated repeatedly that individual rights suffer. The degree to which this happens is the degree of the moral compass of those at the helm of this extremely powerful surveillance apparatus.

I'm not sure how many true boy scouts are really left running the show up there, but I do know this: the more paranoid we get, the more we lose. All of this need not come to pass in this way. One of the most important things I learned in my time in this world was "trust, but verify" and it rings true today. You can still trust the message that Bruce Schneier has. We have to, for otherwise we will be consumed by our own paranoia. But to verify is probably the most important point. That's where openness and information sharing in the spirit of open source is paramount and what will lead us to the proper conclusion on this matter.

No (0, Flamebait)

Spiked_Three (626260) | 1 year,18 hours | (#45201585)

Hell no.

Personal experience; Ask Bruce to evaluate our product. His reply "The more you pay, the more I like it."

He is a crypto savvy person, who can manipulate his opinion however it needs to, to generate the most income.

Do you trust a dentist to tell you how often you need dental checkups? Or an oil change company to tell you how often to change your oil?

Oh wait, you probably do, don't you?

Why? (5, Funny)

oldhack (1037484) | 1 year,18 hours | (#45201593)

Agree/disagree with what he writes/says, but why do you have to trust him? Is he dating your daughter?

He Would Agree (3, Insightful)

wisnoskij (1206448) | 1 year,18 hours | (#45201625)

This question is stupid. It would not matter if he was the most honest, intelligent, and experienced security expert in existence, he would tell you the same thing, do not trust him.

What about ourselves? (3, Insightful)

Dzimas (547818) | 1 year,18 hours | (#45201631)

Forget Schneier. The critical question is actually "Can we trust ourselves?" I'd argue not. Many of us post all manner of information about ourselves, our family, friends and work acquaintances on Facebook, LinkedIn, Twitter, Four Square and other sites. Our GPS-equipped phones know where we are, where we've been, and can probably predict where we're going and when. Short of unplugging, there's little we can do to assure that we're trustworthy electronic citizens.

538 (1)

ArhcAngel (247594) | 1 year,18 hours | (#45201649)

As an exercise in security that Schneier himself may find interesting, what methods are available for proving (or at least affirming) that we can trust Bruce Schneier?

What's good for the goose is good for the gander. [xkcd.com]

The Schneier AI: (2)

Hartree (191324) | 1 year,18 hours | (#45201661)

He's really version 2.0 of a long term general intelligence project running on a supercomputer at Fort Meade.

Version 1.0 was called Henry Spencer and was developed in Canada.

(The original graphics version now used for videos of him started out as Max Headroom. This demonstrates yet again, it's much easier to improve on the presentation than the underlying system.)

Re:The Schneier AI: (1)

mjwalshe (1680392) | 1 year,17 hours | (#45201815)

In that case Mr Finch will send in John to rescue Him as this week's POI :-)

NSA retaliation against Bruce (0)

Anonymous Coward | 1 year,17 hours | (#45201705)

This sure sounds like the start of a campaign to bash Bruce for helping Snowden and Greenwald.

There has been no evidence, direct or implied, that he might be a trojan. This post definitely smells like the U.S. gov shills trying to plant doubt in the community about a respected authority.

Trust.. but Verify. (0)

Anonymous Coward | 1 year,17 hours | (#45201725)

Trust.. but Verify.

Hold on ... (1)

tgd (2822) | 1 year,17 hours | (#45201735)

There's two reasons to potentially not trust Bruce Schneier -- he's in cahoots with the NSA (and by "cahoots" I mean involved in a conspiracy to somehow impact you) or he's biased against the NSA, in which case his opinions are equally untrustworthy.

It doesn't matter why someone's opinion isn't neutral -- it's just as invalid to blindly trust it if that opinion matches yours or not. In fact, it's probably worse to blindly trust it if it happens to match yours because you already have a bias.

Here is the ultimate way... (0)

Anonymous Coward | 1 year,17 hours | (#45201777)

Invite all these "experts" to create a website of "secure code segments". Things like authentication, validation of input, etc., across all languages. Essentially, cut-and-paste bullet proof code that can be dropped into projects. Then we will not need to trust any single individual.

When it comes to crypto, well there is a lot of FUD out there. The push for using standard crypto systems is because it makes it easy to identify and hack. In a scenario where everyone is using self-created weak systems, it is much more difficult because of the time to analyse and the inability to reuse code (read expensive). Just because it is easy to crack something, or reverse a function, does not mean the NSA know what function they need to reverse. So, I would combine them both.

Security through obscurity therefore does have its place.

Everyone needs to focus on the practical implementation of a crack, not the theoretical aspect.

What this all proves (0)

Anonymous Coward | 1 year,17 hours | (#45201779)

Is that "Ask Slashdot" needs to just go away permanently, and the Slashdork editors whipped.

The test (1)

mjwalshe (1680392) | 1 year,17 hours | (#45201789)

The BT security directorate will obviously administer the test at Martelsham/BT Labs/Disatral Park - in the time-honored Suffolk fashion, by throwing him into the lake at the labs: if he sinks we can trust him, if not he's a witch :-)

though Bruce's lack of a proper martleman beard will probably count against him.

Tinfoil hat time (1)

EmperorOfCanada (1332175) | 1 year,17 hours | (#45201821)

Now that tinfoil hats are in fashion the answer is quite simple. If he proves a weakness then the crypto system is crap. If he doesn't then regardless of his motives the system still can't be trusted.

Here is where we can even add a layer of lead to our tinfoil hats. What is to say that the NSA doesn't have working quantum computers? Thus almost any system that is susceptible to any sort of quantum math such as factoring is quite simply dead as far as the NSA is concerned.

This last is an important consideration. Because most of us have no data that the NSA could be even slightly interested in. Let's say a forum discussing shoe repair techniques. So in that case all we are concerned with would be that our cryptographic system will protect password hashes, CC encryption, and keep SSH server access secure. So most of the old systems are probably still quite nice.

But there is an edge case where the NSA couldn't give a crap but a large politically connected corporation would like to have a peek into your systems and then the NSA might give them access. So if you were say a huge conglomerate bidding on a massive infrastructure project, those who were bidding against you might be given access to your data due to "national interests". A simple reason why organizations like the NSA might want to help large corporations is that then those corporations will lobby on the NSA's behalf in times like the present. Can you imagine how many senators/congressmen are in districts where GE is a large employer? In that light it would be stupid for the NSA not to hand them interesting data.

Even here in Canada I could see our spy bunch giving stolen data from Canadian companies that weren't politically connected to those that are politically connected.

How did this drivel (1)

Presto Vivace (882157) | 1 year,17 hours | (#45201831)

make it to the front page of Slashdot?

Messenger vs Message (1)

j_l_cgull (129101) | 1 year,17 hours | (#45201839)

If the focus is on the message, the messenger is irrelevant. The message should be scrutinized (which sounds like "Trust, but verify").
