Schneier on Security
A blog covering security and security technology.
« Defending Against Crypto Backdoors |
| Dry Ice Bombs at LAX »
October 22, 2013
Can I Be Trusted?
Slashdot asks the question:
I'm a big fan of Bruce Schneier, but just to play devil's advocate, let's say, hypothetically, that Schneier is actually in cahoots with the NSA. Who better to reinstate public trust in weakened cryptosystems? As an exercise in security that Schneier himself may find interesting, what methods are available for proving (or at least affirming) that we can trust Bruce Schneier?
So far, I haven't seen the good reasons why I might be untrustworthy. I'd help, but that seems unfair.
Posted on October 22, 2013 at 11:32 AM
• 164 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Doesn't "Schneier" rhyme with "liar"?
My dogeared copy of Applied Cryptography convinced me I can trust, to some level, the entity known as Bruce Schneier at that time, but the entity currently claiming to be Bruce Schneier may need to provide a secret decoder ring to convince me he is now the same person that he was.
Since few of us have the deep core training and experience Bruce does, it stands to reason that if I'm going to be a lemming, I'd prefer to be a lemming in Bruce's herd. (I say herd as opposed to slice 'cause I really don't want a slice of Bruce, just his security perspectives!).
It doesn't matter if Bruce is trustworthy. You should never trust one source, but should check among as many as you can, to verify what is true.
Bruce seems comfortable with Windows (e.g. on his air gapped laptop) but less familia with open source OSs - this makes him suspect right there 8-)
Bruce has said repeatedly "Trust the math."
I've never heard him just say "Trust me."
Does that make him trustworthy? No.
I do think it makes him smart though
(but that is just my opinion).
If he offered reasons why not to trust him, he might not make a good enough case, in which case we'd be suspicious that he could be deliberately offering weak evidence as a sop for our probing when he is in fact nefarious. Or he might make a good enough case, and then we wouldn't trust him.
Nothing good can come of him trying to help us ascertain his trustworthiness.
If you were trying to track and infiltrate dissidents, you want someone who will gain the trust of those who would seek to undermind subjugation. A well known cryptographer and staunch critic of the NSA? Who could be a better choice?
Of course, you could just be a shapeshifter looking to divide the public to incite war so that the people will be distracted, our resources weakened, and our population thinned when your mothership comes in to take over the earth (if only you had come to take over the earth 500 years earlier, there would have been no real resistance... you must have really bad luck).
So far, I haven't seen the good reasons why I might be untrustworthy.
Your finances are private. We don't know what your BT job involves and we don't know who else employs or pays you.
"'So far, I haven't seen the good reasons why I might be untrustworthy.' Your finances are private. We don't know what your BT job involves and we don't know who else employs or pays you."
That's certainly one good reason.
I am reminded of the RPG from the '80s called "Paranoia"
"The game is set in a dystopia future city which is controlled by an artificial intelligence construct called 'The Computer', and where information (including the game rules) are restricted by 'security clearance'. Players are initially enforcers of The Computer's authority, and will be given missions to seek out and eliminate threats to the The Computer's control. The players are also part of prohibited underground movements, and will have secret objectives including theft from and murder of other players"
and its motto:
"Trust no-one, stay alert and keep your laser handy!"
OMG we are all *so* screwed.
"So far, I haven't seen the good reasons why I might be untrustworthy"
To address Bruce's comment directly; the article is not able why we shouldn't trust him, but how we can.
We shouldn't _blindly_ trust him because we shouldn't _blindly_ trust anything. There are plenty of comments here and in the linked article that say the same thing: "Trust, but verify."
Of course Bruce is smart enough to know this... yet he brings up this strawman argument anyway.
Hmmmm, I think I just found a reason to not trust Bruce!
Let's ask Kip Hawley!
I know in recent days there has been a lot of coverage of Bruce's opinions of the NSA's cyber-surveillance, but the term "security theatre" didn't come from his views of that particular three-letter agency.
Most of Bruce's work, that I've read, falls in areas of the mathematics of cryptography or the social implications of security processes. The math is the easiest bit to "trust", it's checkable. While I haven't checked much of it myself, I know that the publishers of several journals would love to publish a "mistakes made by Bruce Schneier in his latest math book" paper. The absence of such papers, and the existence of math PhD students who would benefit from writing them, makes his math trustworthy-enough for me.
The social stuff isn't very useful to the NSA. He's producing generalizations for a public audience to apply to the specifics of their situation. Making it easier to discuss what you think of the security vs privacy tradeoff is at best neutral to NSA. They'd prefer the subject not be discussed at all.
I'm not buying the premise of the SlashDot question. I don't see how NSA would benefit from Bruce's advocacy on their behalf.
I think the greatest defense of our good man Bruce is that he doesn't say to trust a particular crypto system, but rather to trust systems that are: 1) open-source so we can verify the implementation and 2) require compatibility with like systems, so they're harder to modify. That speaks reasonably well of adhering to principles that enable crypto to work than of being a shill.
I counted four reasons :)
My assessment of "risk" posed by Schneier
I've counterpointed Bruce plenty here. I love the blog, but I'm not of "the cult of schneier." ;) I'm also willing to say something unpopular and get attacked by online crowds if I think it's important. Evidence I'm principle driven. So, that's my creds. Here's my conclusion (not analysis) of Schneier's trustworthiness I did a while back.
Overall, Bruce's posts are consistent with a guy using what he knows to (a) maintain his own reputation in the field, (b) explore/debate major issues esp cross-disciplinary ones, and (c) help readers (including whistleblowers) do their own security better. This consistency has lasted for around six years of me being on this blog. There is also a record to every post he's made on this blog and in many online resources that repost them (which can reveal edits). So, anyone wanting to look at his statements and recommendations for character/risk assessment has plenty of material to go on.
The one risk area is his work for British Telecom. He certainly doesn't say too much about the scheming shit they've been part of. He's often ignored questions by blog readers about such things that did make the news. His job *might* also require him to take part in whatever they're doing, at least as an advisor. If it was a BT issue, I wouldn't trust him due to conflict of interest. Personally, I put this risk in the category of "don't bite the hand that feeds." It's the only exception to his openness on these types of issues, it hasn't stopped him from posting things unpopular to authorities, and hence I consider it a non-issue for his general trustworthiness. People investigating BT for some reason might want to get another source, though. ;)
In summary, a persons statements and actions over time collectively make up their character. The statements and actions can also reveal intent. Everything I've observed overtime says that Bruce is not a subversive and might even be doing damage to the organizations that would want to subvert us. He is, therefore, trustworthy by proof of years of [mostly] trustworthy behavior.
(For now... wink)
Even if Bruce was in cahoots with the NSA, there are lots of other crypto experts out there. Either they'd all have to be in cahoots with the NSA, or there'd start to be public disagreements about what constitutes proper security--and you can't fool math. If Bruce's opinions started repeatedly turning out to be wrong, he'd become suspect.
Well, he's also asked for stories about being approached by the NSA, he's paid to consult on many private projects, and he develops cryptographic standards and utilities which could theoretically contain backdoors, plus there are rumors that he can launch nuclear missiles by glaring at a traffic camera (even if it's off).
Without more information about his personal life it's difficult to tell if we should be concerned about how much leverage a state actor could generate through threats to those Bruce cares about. Bruce might also be subject to blackmail due to actions in his personal life.
Has anyone been doing language analysis of Bruce's writings so we can be sure that the person currently claiming to be Bruce is the same person that wrote his books and earlier works?
Language analysis wouldn't make you sure that it's Bruce Schneier, only provide evidence that it's not him. If you can perform language analysis, then the Faux Schneier can also perform language analysis to verify that their writing appears to be from Bruce Schneier.
"So far, I haven't seen the good reasons why I might be untrustworthy."
I hope that's tongue-in-cheek. :)
Trust is like a properly-configured firewall: it defaults to "no". We evaluate for trustworthiness, not for non-trustworthiness.
That is why we need Bruce (2013) to pull the hidden "see, I really AM the same Bruce Schneier" message out of the first edition of Applied Cryptography that he surely left in place as an identity verification system for the future.
Wait… who? ;)
Don't get me wrong, but I think it is a rather useless effort trying to find out if Bruce can be trusted. Let's remember that — most of the time — "NSA Can Neither Confirm Nor Deny Anything Without Causing 'Exceptionally Grave Damage' To National Security". Likewise, if Bruce were somehow related to them, he would never be able to confirm or deny it either.
In the end, all that's left is our personal opinion… and that's hardly proof to anything (except for the level of our personal paranoia).
It would be most unlikely that BT are not quite instrumental in NSA theatre operations with GCHQ thinking too to lead the colonials from the shadowy rear as if following lamely as a lapdog. They may think that be stealthy but .... well, some might call it artfully deceitful and maybe not quite truly British. In order words, a bit of a bastard of a great game operation and something to be exploited and developed further in these strange new virtually receptive times.
After all, whatever else would you expect from natives who supplied you with the likes of cricket and rugger? :-)
Bram Cohen says that "there's plenty of circumstantial evidence" that Applied Cryptography is the most successful instance of BULLRUN (after OpenSSL).
Matt: there is public disagreement about whether ECC is a good idea. Also, there's a quieter disagreement about DH vs RSA.
I find it more likely that Bruce was involved with the JFK assassination than he is a tool of the NSA.
UFOs though? No comment.
An anonymous reader writes:
...Who better to reinstate public trust in weakened cryptosystems?...
#1, why in the world does anybody pay attention to anonymous tin-foil-hat-wearing conspiracy generators, and
#2, trusted in what sense, and for what purpose?
I trust Bruce to write books. I buy a book, and I trust that the book will have 99% of the pages with printed content. When I read his books, I think for myself, and I work through the content.
However, I can see that trust is an issue with people who don't have technical expertise, possibly like "anonymous reader" on slashdot.org.
Let's say that Bruce is on the NSA's payroll, and he receives a monthly check, and has a weekly chat with an NSA supervisor. How does that affect the implementation of cryptographic ciphers and protocols?
It doesn't. Because Bruce implements very little. He doesn't have a large effect.
Implementation is up to the many hands at many keyboards typing away, creating source code, which is compiled into the programs running on computers. The protocols, and potentially the code, will be reviewed by many people. A very significant number of them would have to be on the NSA payroll for the protocols and code to be weakened, and no word gets out about it.
But what does it take for vulnerabilities and weaknesses to remain hidden? It means that everybody with a brain has to keep their mouths shut!! And that's not likely to happen.
I don't remember where I read it (I think it was on one of my books on hacking) that all it takes is one smart person. One smart person discovers the weakness or vulnerability, and yaps about it. One smart person is all it takes to take that weakness or vulnerability, and write an exploit for it, and publish it.
So what if Bruce is on the NSA's payroll? He's a product consumer, not a product producer. The only role he can have is as a mouthpiece, claiming that everything's just fine now. But ya know what, there's lots of other people out there that will be looking at the same things that he does, and can also do the math. And they will, or will not, confirm what he says. And if he claims that everything is fine when it's not, you can rest assured that someone will say things are not fine, and have the exploit code to prove it.
Bruce's character without information about his bowel movements is greater than any idiot I have had the chance to encounter--and I have direct interaction with OPM. It is those weak in character who believe their bowel movements don't stink that you have to concern yourself with. Uh oh, I used a reference to a TLA...disclosure, I do not work for or with the government currently. There, that proves I am not an emperor.
Mr. Schneier has absolutely nothing to do with the NSA, nor is he on the NSA payroll. At the NSA we have no knowledge of Mr. Schneier's activities nor any influence on his work.
You don't prove trustworthiness, because it amounts to proving a negative: Proving that he's not a "defector," to use Liars & Outliers terminology.
You can prove UNtrustworthiness with a single instance of defection.
Many in this thread bring up many interesting things to examine when looking for that one defection; but because you can't prove a negative, the decision to trust can't be made algorithmically. It's a judgement call -- art, not science.
I've heard it claimed that you are human.
Also, there's this vicious rumor that you live on the same planet as one member of the NSA.
Unfortunately, I am too lazy to verify whether you actually exist, so I've never got around to investigating these claims.
So, for now, just color me skeptical.
@ Douglas Knight
"Bram Cohen says that "there's plenty of circumstantial evidence" that Applied Cryptography is the most successful instance of BULLRUN (after OpenSSL)."
LMAO. That's great. Thanks for the link there was plenty of interesting comments over there.
@ NSA spokesperson
"Mr. Schneier has absolutely nothing to do with the NSA, nor is he on the NSA payroll. At the NSA we have no knowledge of Mr. Schneier's activities nor any influence on his work."
Of course, if Schneier was working for the NSA, the program employing him might very well be a SAP or USAP. And it is entirely legal for lies to be told to obscure such program's goals or even existence. Hence, a claim of "no knowledge" might be true in only the most literal way. ;)
" It's a judgement call -- art, not science."
trustworthiness is not a boolean
"I've heard it claimed that you are human."
Claimed yes but proven? I'm not even sure Bruce exists.
This effort seems like NSA subtrafuge.
Of course, every human being is a closed source program without code review on aging hardware. Even if you are in a trustworthy state today, we have no way of knowing that you will remain trustworthy in the future.
Clearly the Slashdot poster has not seen schneierfacts. If he knew you could go all kung fu crossed with Walker crossed with that math crime fighter on the TV show Numb3rs then I am sure he would not have dared called into question your trustworthiness.
Seriously though - we aren't sheep. Most of us here are adults and are more than capable of making a judgement on how much your posts can be trusted. You have said nothing so far that has made me doubt you or believe you have been compromised.
But... Maybe you're just that good a secret agent
When I went to email you a couple months ago, you didn't have a published GPG key I could find, which seemed supremely weird for someone for whom it seemed plausibly important to be able to have encrypted conversations with.
The reason for trustworthiness should be obvious: because we can observe and verify the math and the code ourselves. The question of "trust" only arises in the context of closed code and standards.
This sounds like a spin-off on the meme that things which are "secret" seem to be the most trustworthy (or trusted). Bruce isn't secret, so...?
I would say, ultimately, what one believes one is trusting are not trust in the things or ideas themselves, but the act of having trusted someone or something as such, and more importantly, for specific reasons. Aka, 'confidence' as an instance of becoming self aware, I would like to think.
I suppose people in general would think of 'trust' to be meaningful as a broad notion that has instilled a sense of appreciation in them, however in my language 'trust' is used in so overly generalizing ways that I can't help becoming annoyed all the time when I read about it in online newspaper articles.
As for any general idea of perchance idolizing people or making assumptions about any one person, I think it is best to assume that everyone is subject to vanity one way or another (akin to a deeper meaning of mine of what one understands as being *someones* personality), and so that there could be an ideal person out there that fit to ones own ideals would probably be next to impossible, or so I would like to think.
I have strong, direct evidence of Bruce's untrustworthiness. I watched him carve into a durian fruit at the far end of a backyard in Toronto. It had to be very far away, of course, but I watched him do it.
As he carved into it, then shared out pieces of it to the brave and foolhardy, he was smiling broadly. The entire time. 'Nuff said.
The entity which labels itself 'Bruce Schneier' is a black box (we know nothing of it's internal structure or vulnerabilities).
We have approximately zero knowledge of it's inputs (though it occasionally 'replies' to input provided through these comments).
Most of us can only access a small fraction of it's outputs (those which are intentionally public).
So it seems unlikely that it would be rational to be confident or trust in the truth of FUTURE output.
Nevertheless, I have evaluated and choose to attribute value to that which 'it' has output up till now, so I will continue to read it...
While I doubt we can prove Bruces trustworthiness we certainly can't prove his untrustwortyness. Many of the "hacks" happening now were mentioned in applied cryprography. It certainly wouldn't make sense for someone in coherts with the nsa to mention the possibilties a decade in advance.
My 2cents tells me that either Bruce is trustworthy or the nsa is plain ignoring someone they're paying or the whole deal is simply a hoax designed to sell more of bruces books. Sorry Bruce but I doubt you have that much power.
Bruce has made several thesis about the nsa. Many of them prove to be true. If Bruce was in coherts with the government I suspect he'd have been imprisoned years ago.
@c: "We have approximately zero knowledge of it's inputs (though it occasionally 'replies' to input provided through these comments)."
I hear Bruce had a grilled cheese sandwich yesterday.
"Most of us can only access a small fraction of it's outputs (those which are intentionally public)."
I don't think the public wants to know about how the grilled cheese was output later.
At this point, I'm sad to say, the most worrisome thing about Bruce is just that he lives and has financial interests in the US. This probably would make it easier for the NSA to apply pressure to him.
On the other hand, at this point I'm not sure what I would consider a 'safe' nationality.
Gödel problem...in every system we can formulate a question that cannot be decided inside that system with its rules...
but MetallicA helps us with Nothing else matters, as ,,never care for what they say'' or ,,trust I seek and...'' ohh, full stop.
btw, trust is psychology with less exact math formulas, so better not to deal with quantity.
Bruce, shouldn't the correct answer have been "no I cannot be trusted.
And neither can anyone else."?
Having said that, I would still trust you enough that -- well, if you were
a plumber I might hire you for the odd job once in a while (example taken
from Liars and Outliers).
But in all seriousness -- I suppose you must have been aware that each
and everyone here of the regular posters and readers has wondered about
the question you laid before us. The funny thing is, there is no answer,
there is no right answer, there is no question (trusted to do what?!).
The comforting thing to know is, the Snowden revelations have not
changed that in any way. What is trust? Some kind of feeling in the mind
of the object of it, the candidate to be trusted? Something in the mind
of the one doing the trusting? Or is it an interaction, some immaterial
'state-of-being' based on a social relationship?
If you care to know:-- I trust you -- even though you would prob. say "you
"So far, I haven't seen the good reasons why I might be untrustworthy. I'd help, but that seems unfair."
Of course, you have the burden of proof in the wrong direction. The default position should be lack of trust. The SlashDot exercise has it the right way 'round.
The entity which labels itself 'Bruce Schneier' is a black box
--Yeah, agreed. Bruce, care to make some "ports" or "pin(is)" available to insert probes? Maybe make a "RectumS-232" serial connection?
Its kind of interesting how there seems to be _some_kind_of_a_ consensus on what can be trusted to what degree.
Or am I wrong? Perhaps just fantasizing? Could be. It seems to me though that we could group some key actors mentioned in this blog since the Snowden incident into a hierarchy of trustworthiness.
Here is an example (position 1 implies more trust, other positions less trust to some degree):
1. Bruce Schneier
2. Linus Torvalds
Disclaimer: This is just an non-scientific attempt to gauge public perceptions and viewpoints expressed on this blog.
Figureitout: it all started with that Electric Dreams video. The NSA has strange ways of making you talk. Employing transvestite rock groups that ask you for a cameo is technique #4337. You don't want to know 4338!
This reminds me of Liars and Outliers, after all we need to trust someone for our little society to move on. Someone always have better information then you:
doctors about meds dosage in your body,
chemist about chemicals in your food,
architect about your building stability
as long as there is not a lot of conflicting opinions within one field we are safe in our assessment that expected utility of doing business with the average member of that profession will be positive.
Then again, me just saying hello from Wall Street.
Consider using ECC instead of RSA for encryption. This will make DOS attacks based
on key generation less of an issue.
Have you changed your recommendation?
Trust the math BUT be ready for quantum computers :)
I'd say the good reasons to trust you are the same as the reasons for trusting any other individual. And equally subject to invalidation upon learning of any trust-invalidating facts. People do this sort of analysis in their heads all the time:
Direct trust: Do the things you say mesh with my worldview? Are they consistent? Are they contradicted by any facts I think I know? When I do the verify part of trust-but-verify do I always get what I should? Do I *feel* like you are trustworthy? (Hey, don't knock intuition.)
Chain-of-trust: Are there people whom I trust that also trust you? Are there people whom I trust who are condemning you or saying you're not trustworthy? Do you have an established history that has shown you to be trustworthy to me or to others in the past?
Cost vs reward: Theoretically, anybody could be running a long con. However, there's an important question of ROI involved. Who would stand to benefit, and by how much? What would the costs be to run that long con, and what are the hypothetical bad guys willing to spend?
BTW, there is an interesting corollary question to whether you are in cahoots with bad guys that everyone should also always be asking: what if you are completely sincere, but also dangerously wrong? This is a different form of trust, but no less important.
Sure I trust Bruce. He has such a nice smile!
Alert - counter argument ahead........
Bruce talks about security encryption but doesn't use WiFi encryption himself (https://www.schneier.com/blog/archives/2008/01/my_open_wireles.html).
He talks about using airgaps, but clearly is connected to the Internet (https://www.schneier.com/blog/archives/2013/10/air_gaps.html).
Do I trust him? No.
Do I need to trust him? No.
Do I trust anyone? No.
Bruce is just a technical guy (calm down) who has a platform, no more no less. Consider him a rock star if you desire, a politician if you want, or a good techie if you like follow what he talks about.
But ultimately, make up your own mind; you cannot cry to your employer if you implement what Bruce talks about, so don't blindly follow him, or anyone for that matter.
But consider this:
Bruce works for BT ( https://www.schneier.com/about.html) and therefore you would think he is security cleared - otherwise how can he really support part of the UK Critical National Infrastructure.
However, he was given access to info by the Guardian ( http://www.technologyreview.com/news/519336/bruce-schneier-nsa-spying-is-making-us-less-safe/).
So if holds clearance why did he not hand over the clearly classified documents to GCHQ?
So was he paid by the Guardian to review the classified documents before publication?
Does that mean he was paid to help a UK newspaper leak UK and US classified information?
Remember that it is 'classified' for a reason; because the author considered the loss or disclosure of it would cause significant damage to Nation Security.
Is that the mark of a trusted man, to breach national security guidelines and help publish secrets? (the second link is to formerly TOP SECRET presentation!)
( http://www.theguardian.com/world/nsa , http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document ).
While Donn P Parker said in "Fighting Computer Crime, a New Framework for Protecting Information" (John Wiley & Son, 1998) "Trust is the absence of a security control", let those with security clearance respect what that means; and if they will not and cannot keep the trust placed in them they should return their badges and have their clearance revoked.
However, if he is not cleared, is he in a position to advise BT on security? What can they (BT) release to him now if he has assisted in the release of UK and US documents?
As I said, I don't trust anyone (as those that know me will confirm), but I trust some even less than that.
But I will leave you to make up your own mind.
I want to see Bruce's birth certificate.
There is only one reason to not trust Bruce...the complete facination with Squids.
Something is wrong with Bruce on a deep, deep level.
Can you trust Schneier? To me, that is tantamount to asking if you can trust Wikipedia. The answer is of course no you can't if you need 100% certainty. The question is where can you find a more reliable or trustworthy source. We know Wikipedia has errors. We know some abuse Wikipedia. Does that mean that encyclopedia Britannica (where an article may not be updated for a decade) is better? Is New York Times better? Is Fox News?
We trust Bruce, because we've read him for years. He points out his errors. He makes an honest effort to present opposing views without wasting our time with nonsense. He withholds opinions when facts are lacking.
Yes, we trust Bruce. Not a hundred per cent. He'd yell at us if we did. We just trust Bruce more than most other sources.
Trust. Easy to give, easy to lose, almost impossible to regain.
You would think that the various entities in the US government would know this by now.
From what I understand about trusted systems, we would, at a minimum, require these things to be ensured that we could trust Bruce Schneier:
- Vet his mother and father and ensure they can be trusted
- Know that Bruce Schneier was raised in a bubble
Because of the iterative nature of humanity, this process becomes very difficult, and tends to indicate that no, he can't be trusted per se.
Nevertheless, the logic and content of his writings do stand on their own.
the scientific community as a whole can be trusted.
Never trust a single person, always check if the algorithm's that person provided have gone through rigorous analysis by the scientific community.
@A - No, the scientific community as a whole can be trusted only so far. And who trusts the person who checked the algorithm? And what about the person who trusted them and told you to trust the person who said to trust the person who "checked" the algorithm. Good grief, don't people learn anything?
The whole climate debate is about trust. The reason there are deniers, is not because they know that global warming is untrue, it's because they don't trust the people who say that manmade warming is occurring.
The same thing just happened in information security. For years everyone just trusted the vendors, the experts. Yeah, they're trustworthy... until they're not.
There is only one reason to not trust Bruce...the complete facination with Squids.
Something is wrong with Bruce on a deep, deep level.
Tentacle fixation? Did Freud have anything to say on tentacles?
I don't think the question is sufficiently well specified. Trustworthy to do what?
But, let's say it is.
First, the narrow, paranoid approach that can feel superficially logical:
I do not know anything about Bruce other than what I read in these blog posts, but I'd imagine that he keeps decent control over information about himself.
Start with two possibilities: either Bruce is in the covert employ of the NSA, or he is not.
If he were in the covert employ of the NSA, then he would avoid releasing any information allowing such a conclusion to be drawn.
If he were not in the covert employ of the NSA, then he still likely would avoid releasing information that would allow such a conclusion to be drawn.
So assuming he controls information released about himself, both Covert and ~Covert imply that released information will support ~Covert. Therefore that released information supports ~Covert does not actually establish ~Covert.
I suppose that I could try to find articles written about him by journalists. But how do I know that the journalist isn't in the employ of the NSA? I don't. So I investigate the journalist. But how do I trust the sources of information I locate during my investigation? I can't. So, I must investigate...
Yeah, it's pretty much tinfoil turtles stacked in Faraday cages munching on one-time pads all the way down.
Second, the probabilistic, bounded-rationality approach:
Baseline probability of a security expert being a covert employee (not occasional consultant) of the NSA? Must be pretty low.
Quick assessment of how risks/benefits of hiring someone of Bruce's reputation to plant deliberately weakened encryption methods and devices would look to NSA after experiencing Snowden's leaks?
Really high risk, very low expected value.
How likely is it that someone would insist on rigorous, open source verification if he wanted to plant weakened standards?
Overall probability of Covert? Bayes says to me: not very f*ing likely, why don't you do something useful like clean the dishes?
In some ways I prefer the turtles.
Although Bruce seems to be a trustworthy person, when it's about cryptography we shouldn't trust him, nor anyone else. He should be no more than one of expert voices we listen to and if a reasonable high number of experts say that a cryptographic method seems to be safe than we cane hope that it's really so, but we can hardly be sure of it. What if they all missed something? Something that the guy working for NSA has spotted and now he's working on an exploit.
I've been a subscriber and reader of Crypto-Gram since 1998, and I've observed the gradual evolution of Bruce Schneier from a cryptographer, to a computer and Internet security expert, to a general security expert, to his recent emergence as an authoritative and outspoken advocate of privacy rights. I feel that I know him through his writing as well as it's possible to know any author that I've never met in person. He has a solid reputation on the Internet, and on the Internet your reputation is who you are.
@ Mark Johnson
I have argued for years that climate science doesn't even qualify as "clinical" research let alone a formal theory that has been "proved". It's crap, where's the double blind planet? Climate is complex, I have argued that no one has measured the irradiant dielectric effect (my term), imagine a photon from the sun, comphrehesively describe the journey. What are the scatter, gather, absorption effects as you pass through the magneto-sphere, ionosphere, etc? What are solar constants and periods (magnetic, plasma, etc.). The list is endless, it is only recently that the IPCC took up terraforming. Causation is a scientist's mistress/lover.
He does make a lot of arguments for "risk based" security in his latest book, hmm...
Off-topic, to be sure, but .. --- I wouldn't touch your cherished hummer
(apparently) with a ten foot pole. Destruct a bit further and be happy,
èh? Cheers and have a nice day.
Is the model "trust until betrayed". The Judas kiss.
Or "distrust until proven", typically by stabbing the probable opponent(s) in the back.
You could publish all the raw Snowden documents you have. That would prove you to be trustworthy, but may cause other problems.
But to go back, you might be a plant, advocating for something that "won't happen". Or play the middle - Google (which you might know has surrendered its private SSL keys to the FBI, NSA, etc. ala lavabit) and Apple and Microsoft are really good and reliable and trustworthy.
There is an asymmetry at the derivative. Credibility builds slowly but is shattered easily and in an instant. Your pristine FICO score will drop 100 points by one late payment, even if unintentional.
If Clive Robinson will endorse Bruce, then I'll trust Clive's endorsement.
I will trust one Twofish 256 bits open key mode... for ligth jobs... and one heavy OTP with air gap computer headed for the very very heavy tasks. And for bruce I believe about him like one calve guy, but a nice one... At least and at all, he tried, he tried... but finally surrended to bigbrother, no option... or... XOR all your data.
Bruce sounds suspiciously like "ruse".
I think the best way to treat the question is based on game theory. Experience has shown that initially trusting someone yields the best results. As time goes on, any evidence of untrustworthiness obviously diminishes trust. Once untrustworthiness reaches a certain level, then the person is shunned.
I have no evidence that Bruce Scheier has been untrustworthy, so I will continue to trust him. (He could be a superb NSA agent, but given the NSA's bungling, I don't believe it has any such thing.)
I think the author of that article and Schneier have completely different objectives in mind. If I understand correctly, Schneier built the system to evaluate leaked documents (hence, the entire purpose of the system Schneier was building is to transfer PDF/Text/Word files onto it). Without identifying requirments, you may as well start criticizing the design of a car because it won't survive atmospheric reentry.
There's a lot of criticism for the sake of criticism in that article, e.g. the public domain cryptography. Given the leaks we know closed source, closed standards cannot be trusted, so you either roll your own or move to open standards/open software.
The fact that Bruce's credibility is suddenly called into question now he's working with Snowden documents in my opinion is a good indicator that he can be trusted. I had the same good feeling about Snowden when Cheney et al called him a traitor.
Then again, if tomorrow Bruce is revealed as Gen. Alexander's successor and this blog to be a formidable psyop, then I would still have learned a lot about security and security technology from both himself and the usual suspects over here. My win, any which way it goes.
We haven't seen the source code of Bruce Schneier yet, so for now doubts remain. Anyone up for a peer review? Some disassembling might be required.
I had to laugh when I saw this on originally on slashdot.
Anyway - I don't think any one has mentioned this yet - but why not treat this like the Byzantine Generals problem?
We don't really need to trust Bruce - but we would need to get more experts involved in assessing the information.
There are numerous references to this in the literature (e.g., this one).
Here we have evidence provided by some one and we have a number of potentially untrustworthy technical experts trying to determine if some piece of information is significant, whether parts should be redacted before making it public, etc.
Bruce could be - shudder - fallible and he could even have particular agendas that bias his recommendations.
Expanding the number of experts assessing the information could help here (but also allowing the potential for more leak points of sensitive information - which would be a potential down side).
Given that Byzantine fault tolerance is essentially math, and we should "trust the math" ... do we even need to trust Bruce?
do not trust a single person. learn math. learn logic. learn cryptography. start by reading jonathan katz and jehuda lindells introduction to cryptography, check out dan bonehs online course on coursera. look what phil rogaway has to say. learn computer architecture, learn programming and learn to make and exploit flaws. study academic papers. go to usenix security, acm ccs, ieee security and privacy, crypto and eurocrypt. strive to understand computers and math like djb does. then realize that many of the things bruce has to say are quite reasonable.
A Voight-Kampff Test is the only way to be sure.
Read True Names and Reflections On Trusting Trust.
So I can think of various things that could make Bruce a government agent. But then I use myself as a benchmark and realize many of the things I say, have done look suspicious and I'm no government agent. If it turns out Bruce works for the NSA we can always whack him to death with his well deserved Oscar statuette :-)
If Bruce or any professional in his field were corrupt, I can see only a limited number of ways he might try to take advantage of his position:
(1) Endorse products or algorithms that have back doors or are easy to break;
(2) Publish advice that will backfire if used by people NSA would like to target; or
(3) Encourage those people to confide in him, then betray them.
Any of these seems to me both quite unlikely to happen, and quite unlikely to work. Certainly the kind of peer review Bruce encourages is exactly the thing that would be sure sooner or later to expose any of these actions if he did them.
It's like trying to get rich through accounting fraud, the way Madoff did it. There's no way to get away with it indefinitely, because the fraud contains the seeds of its own discovery and gives lots of others the incentive to make that discovery.
I was once told "never ask for compliments" I guess the same is true of "trust"...
I now know we should speak of "Ruse Liar" which by use of what is in effect a double negative is a positive recomendation :-)
But let me try to be a "Truce Crier" by saying the following,
Unless you specifiy what you are measuring how can you make a valid measure?
Back in the days when I was paid to wear the green we had a saying which was,
I'd trust him with my life but not my wallet
And many similar little statments some of which had no redeming qualities such as,
Trust me the only way you'll get a drink out of him is to stick your fingers down his throat
It would suggest that trust in the human sense is a nebulous thing based in part on each individuals behaviour but also on the observer of the behaviour. So when we feel the trust we have given is broken who is to blaim?
I for one don't trust governments and see no reason to, simply because they reserve the right to do things to me that they won't allow me to do to them. Thus it's not an equitable relationship, they have reserved the right to "win/draw" and thus force me into "draw/lose". Do I trust other parts of what we call society, in general no for the same or similar reasons and thus I reserve what few rights I have to protect my rights in what ever reasonable way I can (or atleast what seems reasonable to me ;)
Thus trust could be said to be measured in harms, that is "how much harm" can trusting this person/entity/technology do me?
And the answer to that depends on what I volenteer or am compeled to reveal.
Thus if compulsion is used I do not trust as I see compulsion as a harm in of it's self, and as a general rule I assume most information I could reveal could harm me in some way so I tend not to volenteer information.
And the military also has a saying about not trusting others which is,
Don't leave amunittion for the enemy
So the issue is not an unknown one.
So back to Bruce...
Am I pressed in some way to take his advice/opinions?
No so that means that I don't automaticaly distrust him.
Where I have chosen to, has doing so caused me harm?
No so that means that I've not got reason to distrust him.
I could go on this way but the simple answer is I've no reason to distrust him, but then I've not given Bruce any information that can cause me harm, nor am I likely to, so I don't have to be in the position of trusting Bruce.
And that is by and large the way society expects things to work, don't distrust without reason but likewise don't trust without reason, because a trust not given cann't be broken.
That kind of outlook is naive in the extreme.
Why hasn't anyone come up with an answer to the P versus NP problem yet? Why do we not have a practical cryptosystems with the same qualities and formal proof as the One Time Pad yet? Why are quantum computers advancing so slowly and why are chaotic systems nigh impossible for us to simulate?
Surely these magicians and alchemists in industry should have an answer by now, no?
By the way, opinions can't be "wrong", only foolish.
Ooh, I know this one!
All I have to do is ask regular-universe Bruce what answer alt-universe Bruce would give me in response to the question, "Are you trustworthy?" (since regular universe Bruce can only ever tell the truth, and alt-universe Bruce can only ever tell lies).
And of course, identifying which of the two Bruces is the good one is easy - evil alt-universe twins always have facial hair... Oh, wait. :-/
Employing transvestite rock groups that ask you for a cameo is technique #4337
Mike the goat
--Ok, you win. That really gave me the giggles. Thought it'd be the 1337 technique but hey never knew there was so many! If the NSA are so freaky...well makes me a little curious :)
--That would be hilarious if you were an agent; crazier things have happened. Basically the entire world of security would get a nice bitch slap on the face and maybe we would see an explosion of projects for the "full implementation" of security from mining the metals to connecting to the internet.
Trusting a man called "Schneier"
Whose name rhymes with "A Liar"
Might seem very silly
But I know I will be,
Until his pants are on fire.
@ Dirk Praet
"I had the same good feeling about Snowden when Cheney et al called him a traitor."
Same here. When they actually react, it often says something about what they actually think. A reaction like that says you weren't BSing. I expect more attacks on Bruce's character to occur in the future for a number of reasons that you've probably already guessed yourself.
"Then again, if tomorrow Bruce is revealed as Gen. Alexander's successor and this blog to be a formidable psyop, then I would still have learned a lot about security and security technology from both himself and the usual suspects over here. My win, any which way it goes. "
Lol. Awesome. I've often felt the same way in regards to the NSA. If worse came to worse with them, I'll have learned so much of what I know for countering great threats from their papers, GOTS products and publicly known efforts to subvert us. How good would I *really* be at security engineering against top notch opponents today without such "learning opportunities?" ;)
Thing is you can't trust anybody in any system that relies on security. All you can do is distrust some people less than others based on your own hopelessly inadequate assessments. Celine's First Law: "National Security is the chief cause of national insecurity" -
There are three cases: simple, complex and extremely complex.
Case 1: there exists an absolutely infallible method (quantum-crypto-whizzo) of security = HOLYGRAIL
Schneier(GOOD) only tells the truth
Schneier(NSA) always lies
On Monday, Schneier(?) is standing at a fork, in one direction lies the path to HOLYGRAIL, the opposite to only corrupt and insecure method. You approach Schneier(?) and ask him: "Which direction would your counterpart send me to get to HOLYGRAIL? Whichever answer you get, go in the opposite direction (classic fork problem). = success!
Or, on Tuesday, you could approach Schneier(?) and ask: was the direction you gave me yesterday accurate? If answer = YES = Schneier(NSA)= busted!
The other cases require either iterated variants or, for extremely complex, must resort to emergency methods.
I trust your knowledge and skill. I can't trust your motivation or goals, but I don't distrust them either -- I am neutral. Where I disagree with you, I attribute to our different backgrounds and experience and the different ways we look at things. I haven't seen anything that leads me to distrust you, with an exception to something you said in "Applied Cryptography" that I wish to leave vague. So you can be trusted by some.
Trust no one -- the truth is out there!
-- the X-Filles
 Distrust here means I don't trust you reveal everything you know, therefore you have reason to hide information! Which may lead to some level of distrust.
Do you trust that people who claim trust in you are telling you the truth? :)
If I'm not mistaken both real-universe and alt-universe Bruces would answer YES to the question "Are you trustworthy", and there'd be no way to know which of them was Bruce(NSA).... Or am I missing something here? (it's been known to happen).
The NSA would be the ideal instigator just to launch a campaign like this. Imagine we all start to distrust each other, even somebody who never claimed to be trustworthy but just asked to trust the maths behind it.
Many pledge their allegiance to Schneier,
But he could be an out-and-out liar --
In the sinister sway
Of the same NSA
He berates with such crowd-pleasing ire.
If Bruce Schneier would write an article about industrial espionage in context NSA, we could recognize his solidarity with the United States, independently from his great work.
The only evidence would be in Bruce's submission of crypto systems where they were weakened with successive 'improvements'.
The answer's right at the top of the page. "Never trust a man with a beard, he's hiding something" was just about the first piece of security advice I was ever given.
I'm still trying to work out if it's usually just a chin, though...
@ Dirk Praet are you on reality Dirk Paehl of www.paehl.de ???? You betrayed the users of your programs...!!! Get away of this comunity, betrayer deutch man....!!!
to quote Tolkien: Frodo - "Well, if he was one of the enemy, he would look fairer and...well, feel fouler, if you see what I mean."
It depends for what goal, what information it is concerned, etc. You can't trust anyone 'in general' because it means nothing.
@ Bruce Schneier
I think that I have the choice to
1. trust everybody
2. trust nobody
3. find reasons not to trust somebody or groups
4. find reasons to trust somebody or groups
If I think about trustworthy technology these days I come to the result, that I can't trust any computer driven system. This leads me to be much more careful, but this doesn't mean that I don't leave my house for normal life.
I wouldn't pay hundreds of dollars for a (sp-)iPhone or their competitors on the market, who are the same insecure or even more and all give the NSA a hand on the data on the one way or another.
You (Bruce) are a digital person, a username, a guy who knows much more about information security than I ever will, but I never meet you in real life and even if I had, I only have to believe what you say (knowing that you are able to lie to me while looking in my eyes) and your posts on a untrustworthy computer driven system.
I don't know, if you are trustworthy or not or if you work together with NSA or maybe with chinese, russion, or whoever ... but what you write makes sense to me and you are very critical on a professional basis (you don't just say that something is wrong, you give additional information and external sources to verify) and at the end, math doesn't lie. Another thing is, that here are some very intelligent people on the board (sure, they might be on the NSA payrole, too, like you might be) who verify even the parts I don't understand and this gives me a better feeling about your posts and advices.
At the end I think you are trustworthy as long as nobody prove the opposite ... and trusting nobody would lead me to a complete paranoid life, I think.
I do what I want to do, to influence my hidden online profiles wherever they are and be aware of the untrustworthy world around me.
You do not need to be trusted in most respects. You justify and explain your analyses and recommendations. They can be verified. True, that may need expert knowledge, but there are quite a few good security experts around that can do it. And if they are all not trust-worthy, all is lost anyways.
There are a few things where we need to trust you, namely with regards to the Snowden documents, but what you wrote there so far does not look in the least as if you were in the NSA's pocket.
So I do not think this question is an issue. If anybody really finds they need to trust you, then they are doing this wrong.
Security of any form always involves deception and requires distrust of assurances. Trustworthy is a marketing term which always involves deception and requires continuing distrust. Distrust is a competitive marketing term to trustworthiness which also always involves deception and requires continuing distrust. despair and paranoia.
Claims of security trust and distrust are disgustingly promotional, intended to create confusion, fear, panic and, most desirable, submission to authority which thrives on imaginary threats and illusions of security, and, innumerable bloodthirsty leeches.
Security experts, those promoting national security especially, are defective by design of DNA and bad blood, are driven by an immoral compulsion for superman conflict causing savage harm to subhuman innocents.
It is for that terrifying, WMD armed, psychopathology they are blindly worshipped on the chance that any other behavior will initiate pushing red button dementia of permissive action links, insertion of two rusted keys, turning them simultaneously, pissing pants deliriously to reveal the monstrous megadeath inventions are duds, exposing at long last taxpayers around the world have been the Gods-damned toys they kind of figured they were put on earth to fodder the fields of valor and golf courses erected there upon.
are you on reality Dirk Paehl of www.paehl.de
Er, no. And I'm also neither Dutch or Deutsch (German). I'm Belgian. Note that Dirk used to be a popular name in Belgium and The Netherlands somewhere mid sixties of last century. It's derived from the original German Dietrich and a variant of the much older Theodoric ("people's ruler"). Caveat: not to be confused with Theodore, which is Greek (theou-doron) and means "gift of god". English variants include Derek and Deke. In French, it's Didier.
Stay off the drugs. They're bad for you.
If the definition of trust is the ability of the trustee to break the truster's security, then no I don't believe I currently trust Bruce.
If I were at the NSA, I'd argue for trying to endorse technologies and people that were particularly troublesome, to make paranoid people less likely to trust them.
I'd give Schneier an "Especially Helpful Citizen Award", for his efforts to explain cryptography to the world.
I can't be the only one who spotted the obvious flaw in the air gap scheme he published? Can I?
@Jeff: Yes, you're probably right. I was riffing on the Guardians puzzle in the Dr. Who episode Pyramids of Mars...
My spidey sense doesn't tingle, so I guess he's ok.
"Does Bruce influence the NSA?"
"Does Bruce influence you?"
Don't ever, EVER trust anything Bruce Schneier says, including this.
One commenter said that Bruce can't be compromised because there are other cryptography experts out there, and they would call foul if Bruce was wrong. This implies that no other cryptography experts are compromised - who would presumably call foul to try and discredit Bruce if he was working for the good guys. So if there is no contention, either all Crypto experts are compromised or none of them are. The chances that the NSA is unable to turn a single expert seem more unlikely than the chances that the NSA have turned the majority of major players.
Also, Bruce's argument is tantamount to saying "I haven't detected any intrusions into my computer system; therefore my computer system is absolutely secure" which is clearly faulty logic.
Let's face it, in this day and age you can trust nobody but yourself - unless, apparently, your name is Bruce Schneier.
(P.S: That said, a journalist questioning Bruce's trustworthiness? That screams NSA influence more than all the arguments mentioned above. Is Bruce based in the US? If so, if he could move to somewhere with a better track record on Freedom of Speech, that would be great)
Trust should not be individually answerable but only by a group where each skeptic uses a piece of verifiable information to falsify trust.
I see a lot of general "trust is earned thus ..." and little specifics about Bruce Schneier and how and why you should trust him.
One little detail he released recently is that he is dealing with Snowden documents and using air-gapped computers to increase security (he is also using windows machines, an OS with such hilariously bad security that it is famous for being hacked while air-gapped).
Ok, so we have a high profile user of Snowden docs located in the US. We also have a US governement that sends NSLs willy nilly. If Bruce Schneier isn't CCing the FBI, NSA, CIA, TSA, and Minnesota Sheriffs' association with every email on pain of a federal conviction, the ACLU and EFF can stop worrying about NSLs (I wouldn't bet on it).
There also are bizarre statements (including those in the last post) that still deny that DUAL_EC_DRBG is a backdoor. It might have been left to throw people off guard (this is what a backdoor looks like, pay no attention to that little quirk in AES/AES2, changes in SHA3), but the idea of a backdoor somehow magically appearing in an algorithm *and* the NSA shoving an obviously inferior algorithm down any throat they can seems far more naive than almost any other statement I've read from Bruce Schneier (especially before the existence of NSLs). I suspect that such letters include requirements not to talk about anything covered under the NSL, it is quite possible that such talk is the only hints he is legally allowed to give that he is directly forbidden to talk about such things (note that under US law, things are "officially secret" until "secrecy" is legally overridden. Those with security clearances must not read the New York Times in case they may learn inappropriate "secrets". Thus while "everyone knows" that DUAL_EC_DRBG *is* a backdoor, denying it may be officially required).
* note for those who accuse me of tinfoil hat syndrome:
1. Do NSLs exist in the USA? Are they sent at all?
2. If they aren't sending them to those who obviously have evidence of "crimes", who are they sending them to?
Reading these comments, I was reminded again just how much the Internet has changed how we interact. Here Bruce has created a space and invited anyone with an opinion to gather and discuss whether he can be trusted, while he quietly (and amusedly?) observes. I can't imagine anything analogous to this IRL.
How do you security audit a person's character?
Maybe Bruce its because you are making statements lately about a lot of things you haven't actually looked into. Whats up with that?
The trust issue is important to people who exist in a socially defined universe. It has been said that they spend their lives looking for a place to plug in their umbilical cord.
Self-reliant individuals aim to avoid putting themselves into a position where they must trust someone else. Obviously, no one can be an expert on everything, so it is reasonable to rely on experts after some sort of validation.
The true is the whole, and so integration of everything you know is one way to identify what is false.
My summation of Bruce is that he is basically trustworthy, though his philosophical framework is different than mine. I apply an inversion process to compensate for this bias to get at the truth of things.
wumpus: regarding NSLs - if Bruce wanted to humor those people who are asking questions and put this issue to bed then he could write a declaration stating that he has not received an NSL as of $date, sign this with his PGP key and publish it on his blog. He could go one better and print a physical copy and get it signed in the presence of a notary public then scan the file and sign it with his PGP key.
Speaking of PGP key - does anyone else find it strange that Bruce moved to a 4096 bit key around the time that he started working on the Snowden disclosures? I know we shouldn't infer anything from what may have just been routine housekeeping (he speaks of purchasing a computer to air gap, etc.). My humble opinion is that a determined nation state level adversary may have enough computing power to break 1024 bit RSA. We don't know what kind of computing power they have and/or any mathematical processes they have developed to reduce the amount of workload required to break such a key. I don't have PGP on the workstation I am on to validate but has Bruce signed his new key with his old key and produced a revocation certificate for his old key - and if not - what have they done with the real Bruce? (j/k, of course)
All discussion aside Bruce takes time out of his day to prepare daily entries in his excellent blog and provides an open forum for us security nuts to converse on such topics. Whether Bruce can be trusted or not is immaterial - he has stated multiple times not to trust him but to "trust the math". I haven't seen anything to make me doubt Bruce's credibility. That said - even if he was compromised - the information he provides is still interesting even if censored to avoid offending those who hold a big hammer (losing your freedoms, etc.). I think the OP who spoke on slashdot was being a bit paranoid. That said, I was derided and criticized by my peers for being a conspiracy nut when I spoke of surveillance equipment at an IXP in a major city. This was about two years prior to Room 641A in SF was 'discovered' by the whistleblower engineer. I was unable to look at the actual equipment as it was located on the floor below but the optical splitters were all on SONET crossconnects both to the backbone and in between major peered ISPs. I will disclose that the facility was owned and operated by VerizonBusiness/MCI/UUNET.
Anyway my point is the cranks and nuts of yesterday are often validated as being correct tomorrow so I won't discount anything.
Has Bruce Schneier ever asked me to trust him?
The government (implicitly) asks me to trust that it's acting for my good. America is built on the idea that government should not be trusted very far; we've kind of gotten away from that idea, and the NSA just reinforced why it was a good idea not to trust the government very much.
Schneier kind of implicitly asks me to trust him when he writes Applied Cryptography, and somewhat less so when he writes this blog. But he doesn't ask for much trust - I can check the math, if I want to badly enough, and I can think through his arguments.
So: Do I need to trust Bruce to consider what he says? Is he even asking me to trust him?
I can't claim I know/understand the song's lyrics, overall, but I'm reminded of:
"Don't bring me down... BRUCE!"
So, I'll leave it at that.
I would be more apt to question Bruce's trustworthiness if I learned he believed in religion.
"Trust no one." Don't take it personal Bruce. :-)
"Trust No one." It's a good philosophy in the security business. Don't take it personally, Bruce. :-)
Why has Bruce not said anything about me cracking base64? I sent in like a bil'yan emails.
Considering Bruce is on my list of people who I'd expect to see a National Security Letter, and for a point in time I believed he probably did receive one, yes, I'm willing to trust him.
As one person above mentioned, Bruce asks us to trust the math, not him directly.
Other wise comments have been to trust no one & use multiple sources -- all are great advice.
@wumpus: I can confirm that NSLs are indeed real. I've fortunately not received one personally, but have seen a real one in the wild.
'trust no one ' is a good philosophy for any business , not just in security business . a guy runing a bar once told me that exact sentence :)
Hmmm.... Do I trust Bruce?
Silly me I didn't know that I needed to trust Bruce.
Bruce could be a plant. Working to discover, then gain the trust of the most serious opponents of the NSA. Pretending to be one of them. One day he might pull the chain and walk off under a golden parachute, while the gang developing mathematically verifiable cryptography are quietly removed before they can make it public.
Are you an Egotistical Giraffe or an Egotistical Goat?
I think there are some Bruce Schneier facts about what happens to people who don't trust Bruce Schneier... it's not pretty.
In any case, it doesn't matter whether he can be trusted. Trust the math.
Use OTP if you're Soviet-level-paranoid - though you'll need better-than-Soviet-opsec... ;)
If you can stomach something less than information-theoretic security but don't trust AES et. al, then slap an iterated Even-Mansour construct on top; search "Key-Alternating Ciphers in a Provable Setting: Encryption Using a Small Number of Public Permutations", EUROCRYPT 2012. Problem solved. Now you can sleep at night.
I can't claim I know/understand the song's lyrics, overall, but I'm reminded of
"Don't bring me down... BRUCE!"
Ahh the great songs of The Electric Light Orchestra :-)
Coincidently I read your comment whilst boiling an egg in the kitchen with ELO blaring out on the CD (it annoyes the students next door :-) and gives me a pep in the morning way better than the best java, oh and a little light excercise as I bop along to "Rock 'n' Roll is King", "Rockaria" or their cover of "Roll Over 'Beat-hoven'"....
But the thought occurs a couple of other of Jeff Lynne's songs are apropo to this thread,
How about "Confusion"? Just change a single word ("Love" to "mentor") and it would be spot on for this blogs readers if Bruce was under NSA or equivalent influance :-)
Then one for the NSA and Co, "All Over The World" (change "party" to "crisis" and "feel" to "hurt") about Ed Snowden's revelations. Or perhaps since Obama hung them out to dry the one for Alexander trying to call the white house "Telephone Line" (change "faded out of" to "sprang in to" and "love" to "intel" :-)
Re-read what the entity claiming to be Bruce wrote: "So far, I haven't seen the good reasons why I might be untrustworthy."
In all the comments above I don't think I've seen any new reasons and most are pretty obvious. I am going to assume (yes I know, bear with me) that the entity has seen a lot of references to itself, here and elsewhere on the internet. This is a safe assumption since we know the instance where it was challenged as it gave us the link and we can check it (we suppose it did not fake the post referenced - should be investigated but doesn't change the final result), and also the question has been asked more than once (in fact it has happened on this blog previously).
Note that the entity says "the good reasons" - so there *are* some good reasons why it might be untrustworthy (unless *the good reasons* also includes the empty set, which would be a misdirection all on it's own since 'the' is 'the definite article' so if there isn't a definite article in existence there can't exist 'the plural definite articles' - and this latter case would automatically generate the final result "untrustworthy").
So given that there are good reasons, unless we know each of the reasons and discount them individually then we cannot discount that it might be untrustworthy. So by it's own writing it is for all practical purposes untrustworthy, because it just told us so.
Let's further address the reference to 'seen'. At the time the entity wrote the sentence it wasn't reading it (since by definition reading != writing and we are playing by my rules). If it then proofread or read the sentence then IF there is only one good reason (per previous paras) a trustworthy entity (defined as not seeking to mislead) would have corrected the sentence to refer to "the good reason (singular)". Since it didn't do that (correct the sentence) then there must be at least two good reasons (previous paras plus the lack of correction = 2 reasons) it's untrustworthy. And IF there were several good reasons previously, by definition again it untrustworthy.
It's untrustworthy at the very least because it wrote the sentence above that started all the trouble.
For me that question isn't relevant anyway.
His algorithms and code can be, and has been, checked. More importantly though I feel the question "can Bruce be trusted?" misses important pieces of context; to name one:
What damage would be created if Bruce were not trustworthy? And:As compared to what?
One really relevant issue in that field is "Can encryption (as done today) be trusted? Frighteningly the answer is a sound "No". For one "security" or, for that matter, "trustworthiness" is relative by definiton and it can't be proven because proving it would mean to prove the absence of danger, leaks, etc. - which is impossible anyway. Second, in the end encryption relies on the mathematical ~computational difficulty of certain problems. The fact that they are considered difficult is to do with *us and today* finding it difficult - which provides for not that solid grounds.
Concerning the damage, if Bruce weren't trustworthy the damage would typically be something like "Yikes, I'll have to change the algorithms from Blowfish to X".
If, on the other hand, the nsa had or found a significantly cheaper/faster way so as to make "practically realistic" what is commonly considered "not feasible with available means within reasonable time" the damage would be "A major part of encrypted data is basically clear text for nsa".
If, however, Bruce really were an nsa asset then that might still be not the end of the day because: Could they trust him? (After all, he could be colluding with them just to be around to strip them one day and spill all their dirty little issues. Just look at the damage done by one of thousands and thousands of nsa drones, Snowden. Now imagine what a guy with real know-how could do!).
Within reasonable constraints I do trust Bruce.
I think I can trust Bruce to be honest from my long reading of his works and seeing his actions.
I can't trust him to be *correct* in everything he says, and I have some examples I personally think are good ones, but they're just normal human failings, being a bit out of touch with what's going on sometimes.
Example, when he was putting down all the dangers of "cyber war" (which I largely agree with), he also said nearly no one (I forget if he qualified that with "sensible") had vulnerable SCADA systems or JIT grocery store systems out there hackable. He was wrong years ago when he said that - dead wrong, and having been in the biz, I know that. Leased lines went out of those businesses a long time before he realized it.
I saw a TED talk he did the other day, in which I believe he's hopelessly optimistic that we can, by force of will (or whatever), change the tradeoffs we have vs government intrusion on our privacy. Pretty sure he's dead wrong on that one too (think - those in power were the first blackmail targets by NSA, I'm sure even the most brain-dead bureaucrat there did) - but that's my own assessment, and who says *I* am trustworthy or know everything? I've got an ego, and even *I* don't think that.
But that's not the same as being untrustworthy by my definition. No one is perfect, no one knows everything. I'm grateful for the education I've received from him - and since most of that I can independently verify, well, I trust that stuff.
I'm with you Doug. There is no 'We The People' solution to what we're facing. Dissent will be, uh, stranger .
Here's what won't work.
- Media (establishment)
- Politics (establishment)
- The Law
There is good people in all of those places but it's not enough. People today in the Valley are thinking we need to work outside the system and build without it. Bitcoin is a product of such thinking and so is Bitmessage. That kind of thing is to be taken to a whole new level.
Somebody accused me one time of wallpapering over the problem but tbh this inclusiveness we're all in this together deal isn't working out. Many ignorant older people and some stupid young people like the idea of a police state. Why not let them have one? Let them suffocate with their fail while we construct other worlds. The idea of a global dark mesh network isn't going to go away. Then people can vote with their actions which society they prefer.
--Mad respect for the linked site, all great topics; it's different from your other site which featured something like off-the-grid electricity which is also very respectable. Speaking of grocery store systems, a store I used to work at got hacked big time (which I scanned) w/ fake coupons that scanned and fooled the system and stole over $120 of groceries; do that all over the state and you got maybe $10,000 free food before you stop and get caught. Or how about talking about the actual food being sold to the consumer? Some of which was f-ing disgusting; just so unsettling given the lack of quality our society is going towards. Which all the food is coming from somewhere else, possibly in a different country where all sorts of nasty could've infected your food.
Ii am a really paranoid person. All these negative comments are surely about me. I've been reading them for 17 hours and I can't figure out how to pay all of you back for the things you said.
Incidentally, someone ought to try out video rental as a term of art on the internet. Maybe corresponding with the owners and make it clear thatyou will pay if they rent the video to you. You can either email them back or just prove you put them in your computer shredder. Then you are a renter with all the protections that Clarence Thomas and Edwin Meese, aw heck I don't know who Reaan got that passed for but it's a good law. That would really screw up how any company could do surveillance.
By the way, everyone can watch lots of porn now. It's good for society.
That's coming from a former White House speechwriter who did NOT write the malaise speech and also a Harvard instructor and a snake hunter. I know he's a snake hunter because he wanted to go snake hunting in South carolina and one of my neighbors fit the bill perfectly. What's all the fuss about porn these days anyway. I grew up in the Golden age and the new stuff isn't worth watching. But you could drive by the drive in x rateds on the main thoroughfare and no one cared. Now they act like you presumed a sex offender for doing something that's been legal for fifty years.
And it's bad for security when people can be blackmailed into paying someone to not reveal they watched it. Who gives a crap? The ones whove broken about six of my hard drives putting loopbacks into my disk drives and those things somehow migrate the bad effects to other drives. Why does that happen? Or do I have another hard drive problem. But i've literally seen them put the loopbacks into an encrypted Linux and it immediately showed up. And I was doing something that's been legal for fifty years. We really need to stop it. They have no excuse and are committing criminal acts when they do it. And this is besidesthe point, but 30 years ago when I was a young public defender the stress got to me and I went into paranoid mode and had to go to a "rest area" in the hospital to get my mind screwed on right. The fact that I'm saying what I'm saying say to me it's one of the few that is right. We were never like this before the last fifteen years.
Incidentally, I think I'm pretty observant. I started get parnoid aobut spies when the BOINC scandal hit. Teams were cheating to accumulate poitns. Points by god and they cheated for them. Is this socieity fucked up or what. But soon after I started noticing the spying and have been griping quietly to my wife and friends for a good while. I've been quite depressed and anxious about it too. My grandfather lost his whole family to the Stasi. His father had come over here from Germany, but his father was an orphan. His mothers family all stayed in Germany. He was a master gardener for the rich in Germany and so had a craft that took offlike mad when he went to the Charleston Exhibition right around the turn of the centrury. And built up a huge floral business. They made trips to Europe to bring back variieties of tulips and other flowers America didn't have then. But he had a sad ending. He sold out his Charleston floral business, a big commerical operation and bought some land sight unseen in the Florida land boom. And lost it all. And hec ommitted suicide. So after that my granddad just had his sister and his mom and all the rest of the family back in Leipsig. My mom says when the Cold War was starting he would stay up all night long to sew cigarettes and chocolate very carefully into the lingss of the coata as they were his only family member s besides the two women. Well, you know ther rest of the story. He lost them to the Stasi when they tightened up and wouldnt' allow contact with the West. I remember him as being the kindest man I ever knew. He had retired from the post office and took the undeliverable magazines and took them all over the Charleston areas to nursing homes, and mental hospitals and that's all he concentrated on. Helping others. And costantly preched to me about how improtant it was to be honest. Some Americans were rerally like that in a big way in another era. But there was always this morose qualityasadness that you could see he couln't shake off. I think the public service was only way he could get his mind off of not having a family after his Mom died and all he had was his sister.
So I'm not partial to spying. And I also grew up in an era when the Soviets were terrible because they did all kinds of things to their people that is being done to Americans now. I can't live under this system. I can't function. I can't work because I knwo I can't keep my mind from not believing I'm being watched all the time. it keeps me up when I'm not depressed about it.
But about that porn thing. Why don't we just start a "I am Spartacus" movement and stop blackmail from being able to be done just because someone watched some legal porn. I find the stuff they put out now, everyone shaved quite distasteful. The Seka era was my favorite and I took Benjamin Franklin to heart because I was shy about sex and just couldn't approach girls until I was into law school. And then I met my Finland immigrant 42 year old neighbor wben I was 22. Older women have been my thing ever since.
But why do we not start discussing watching porn as something men do. The woman who started up the website make love not porn and has porn videos but tastefully done supposedly has a great following among women. I think you pay $5.0 for a movie and the sex partners get half of that. Husbands and wives are said to be doing it.
I don't buy the law enforcement argument about sex slaves. Not with porn. Because when I lived in Seattle one guy ran this big high rise where all the people who liek to talk to the people on the screen are filmed and he rents out the video feeds to anybody willing to pay. And I lived in Seattle and women were flocking their for those jobs. They paid well or so the newspaper said.
How did we get to be blackmailable about video porn. I grew up in a very small town and inevitably you'd meet couples you knew, husband and wife, or just guys coming in. And nobody cared. Bause lt wasn't known because the law was put in place so blackmail couldn't happen. I still think the NSA may owe a good many of us huge dollars, at least for those of us who paid. It cost me $100 for a year for all you could watch. But really, I'm at that age when I need some help to get things moving so really only once every month or two months was it. But every time herein PA you went on they attacked you. Even paying customers like me. I don't know who it was but Corbett was AG and of course there are dozens of other -prospective people who it could have been. Although I've seen in some of my hard drive logs attempts by companies named after politicians who must have been getting contracts. I'd love to be able to sue them under Reagans video rental privacy act. And that's essentially what it was.
The people who took it using that sharing software I won't touch except for Linux occasionally and I had to when I got Crunch bang. But lately i've been ordering DVDs because I think the Windows machines are writing bad drive software. I'd love for someone to take a loook and see who they were from logs.. A good many of those broken hard drives have that kind of info on them. I've asked a couple of the honeypot people to watch out over my system and made general requests in Linux forums. I could make a good damages case out of it. It could actually be huge money if the video rental law applied
But let's start that "I am Spartacus" movement. Just start saying you watching even if you haven't seen it jn twenty years. (Using Bruce's pyschology, now see, you don't know what's really the truth about me. But all gusy and women who hate spying should jsut make a vow to claim they do it. Then the blackmail we know has hapenned because a federal judge has said it happens, and that makes it true in the eyes of tye law. so about the porn troll lawyers in at least one case they lied, they spied, they made misrepresentations to the judge. https://www.eff.org/Judge-Wright-Prenda-Sanctions-Order
Load more law firms have been hit besides the Prenda thing. If they didn't bother me when I paid for my porn then it can't be some kind of collusion with the porn industry unless they're running people to Amazon to buy your porn. Yeah, they have plenty to sell.
And for god sakes if you have to have porn, go out and pay for it.
And did i mention that porn is good for society.
It actually is just common sense that it would. Maybe all thatp spying on porn users at least in this state is causing rapes and perhaps murders. I wouldn't be surprised because I trust the science and the scientists and the scientific method. So whover is going after normal porn or older women porn which is the category I'm in (we're about 3% of the total) are hurting women.
and maybe causing murderrs to happen against women. it would be logically to folow the science that's been done quite well.
Well, anyway, I'm Spartacus and I watch porn. My sex therapist didn't tell me to because I don't have one but he or she might have. And I'm scared of Viagra and the testosterone John Mcafee the child sex fiend is on I'm afraid of. But porn works. But I can't watch it here in PA. They break my computer when I do. So they're hurting a good marriage and we do love each other.
Finally, did I mention that I tweet about spying at noseyparkerunit The unit is composed of several people involved in an investigation that I can't say anything about. Well, anyway, that's a long way off. In the meantime I've been enjoying your tweets about the internet and saw the Magna Charta remark. That reminded me of a virtual friend who used to write at Jerome Doolittle's blog. Too bad another CArter speechwriter bought it. I imagine that writer was embarrsssed for blaming it on Bush. But I never knew a Carlysle group guy came out of the Carter White House.
But these are the two tweets. the one on your article: https://twitter.com/noseyparkerunit/status/393227221281677312
And the one on the Magna Charta copy Ross Perot sold by some guy who thinks he's good at impersonating newspapers and writing snark. A virtual freind of mine https://twitter.com/noseyparkerunit/status/393228518248566784
Bruce //not Schneier
--Wow, I hope you're a real person and not spamming about porn lol. I guess it can be construed to be on topic, I only get off topic when others bring up other topics. Funnily enough, I found a VHS! of porn at a big racing event laying on the ground. Of course I had to take it and luckily had a VHS player and yeah it was porn lol. Been wondering what kind of fun I could have w/ it and also why someone still has VHS's of porn lol.
criticbot, I don't understand how we can form a parallel society outside the pervasive police state and let it suffocate itself, other than what I do anyway - live so far from anywhere they don't care about me. That can only work for relatively small numbers of people, probably not "critical mass" to rebuild a world. Though I do believe my neighborhood, as a whole, could be self-supporting if the rest of the world went away, it'd be hard, but I'm lucky in (very skilled and diverse) neighbors and lots of space and resources for all here. Though none of us read that book, we've all "gone Galt" long ago.
Figureitout - well, my concern with grocery stores (and really, almost all stores) is that the JIT system, based on scanning everything to produce next weeks (or tomorrow's) order to restock getting hacked.
Not one store being ripped off - that causes nothing but a little loss for that store, and no panic other than the bean counter/manager freaking out.
Think of this - send all the meat to one store, and all the toilet paper to another one - 30 miles away. Instant panic. Or just no orders at all, or too many to fill, there's lots of ways to get it wrong.
No, they can't just re-ship last weeks orders, there's too much variation in demands and it results in the same issues.
They no longer even know how to sell me anything by hand or printed price, anywhere, as I've found even at Lowes if you bring something to the register (like a hunk of metal) without a scannable label on it, and there's no other one in stock to check.
Or, get this, even at a general store far out in the boonies - no scan, no sale. No one knows how to do it manually anymore at all.
When northern hydraulics tested their Y2k fix, a bench vise order turned into a log splitter - I didn't complain too much, but you get the idea.
I lived through the '73 gas crisis, as a professional driver (field service for DEC at the time), and watched panic buying make the crisis several times worse than it actually was, even though it didn't affect me too much (we got a special dispensation, since mainly the government and the charge card co's were the only guys with computers then - in DC). Everyone who was happy most of the time with a quarter tank of gas suddenly had to fill up and keep it full - more than quadrupling the peak demand for gasoline, almost instantly, causing actual shortages and you name it, even though, in the end, there was enough. Remember the even/odd days and all that? That didn't bring in more oil or reduce any consumption, it was the panic that was the problem.
Now think about empty shelves. Basic logistics, as taught at say, West Point says - a couple days of no deliveries or ones to the wrong places, can't be made up "over night", and in fact might take months to overcome. We don't automagically have double the trucks, drivers, roads, speed limits just because we wish it. Add in panic to multiply demand....Months to recover, and actual damage to health.
That's my reason for having gotten cross with Bruce those years back when he didn't realize the potential. He's cured now as far as I can tell. Yet some engineer friends who build large ethanol or hazmat remediation plants, all controlled by SCADA junk, still give in to the C suite guys who want to watch their plant on their remote screens via internet (and read-only isn't an option with this stuff at all), and my pals have no idea at all how to make that safe, but do it anyway, still - they get paid for doing what they are told, not what they would do in an ideal world. They think a fire-wall is something made of cinderblocks...and don't have time and aren't getting paid to learn the type we use.
@Mike C: Dead on, that beard is a sure danger sign.
O'Brien was a large, burly man with a thick neck and a coarse,
humorous, brutal face. In spite of his formidable appearance he had a
certain charm of manner.
"We don't know what your BT job involves and we don't know who else employs or pays you."
I was working at BT when we aquired Counterpane. For the 2 years I was working at BT at the same time Bruce did, as far as I could tell his job involved flying around the world giving speeches and presentations. If you were a very important (potential) BT customer, Bruce would even give you a private session and you could discuss security topics with him.
While this may sound like a philosophical question, define "trust". Digital signatures provide authentication, not trust. Conventional wisdom says if I grant file access I "trust", or if I give weight to an opinion, I "trust" the source, but are these the same "trust", or is trust contextual?
Limiting ourselves to the computer security field, do we have a "common" convention/definition of what trust actually is?
--Sounds terrible. Didn't live thru the gas crisis, but that would suck as I have a decent daily commute. Your last point is a concern of mine, getting stuck on a hopeless project but pays the bills; so basically pointless.
Maybe the question is the message.
Post Snowden documents - Maybe he is saying he shouldn't be trusted by asking the question.
If we assume the NSA learned how to factor large primes, then NSA and their possible agent Bruce would say and do just what they are saying and doing.
NSA would weaken and discredit perhaps otherwise secure ECC by clumsily messing around with the constants in NIST standards, and agent Bruce would publicly play that fact to argue against ECC in general, and to recommend RSA, just with longer keys. Keeping people busy on validating implementations ('go for open source') of algorithms they still believe robust ('trust the math') would come through as honest and sensible advice. Of course this kind of disinformation is even more effective if agent Bruce releases it in apparent connection with some supposed insider knowledge from the Snowden docs.
Hiding the ability to break RSA would be the top priority, therefore invest in projects like planting and exploiting RNG weaknesses and allow information on such projects to leak: people are used to these vulnerabilities, they are actually useful on their own, and most importantly they offer a very plausible explanation for the ability to compromise RSA.
One may question agent Bruce's loyalty though. I would argue Bruce's 'trust the math' is the smoking gun his public statements are not to be trusted as a source of honest advice on judgement calls like RSA vs. ECC. In a similar spirit to the underhanded c contest, the flaw here is hidden in plain sight: one can always 'trust Math', sure. Instead, Bruce said 'trust _the_ math', which to me sounds more as a rather cheap endorsement of algorithms based on specific, widely used problems, like factorization/RSA. Possibly disloyal agent Bruce knows anyone in the field will easily grow suspicious of apparently gratuitous endorsements. Maybe it was a clever covert warning that wasn't understood, and he is now reinforcing it through this curious post of his.
The 1960's series The Prisoner had an episode where Patrick McGoohan's character seeks to escape The Village with the aid of other prisoners. The dilemma is that he doesn't know who to trust as some of the prisoners are jailers. He develops a test that works to sort out who's who based on the arrogance and submissiveness of the villagers. In the end he's betrayed by his fellow prisoners who applied his test to himself and wrongly conclude he's a jailer.
Scott has already substantively replied to your link to that article; I would just want to add the following observation: after reading comment #10 in the discussion, there, I came to the conclusion that, yes, I would trust Bruce more than the author of that article (yes, I know it's an ad hominem, in some ways)...
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..