Herman • October 4, 2013 2:30 PM

One of my uncles remarked:

Long ago, we were young and pretty.

Now, we are just pretty…

Uffe Andersen • October 4, 2013 2:32 PM

I’d buy one for sure 🙂

ramriot • October 4, 2013 2:40 PM

Definitely worth getting one.

Though back of T-Shirt should add, some of the following:-

-=<Trust, YES - BUT Verify>=-

No hidden variables added by authority

Complexity is the enemy of security

Beware the Tyranny of the default

There are only 10 types of cryptographers in the world,

And the reader of this T-shirt is neither of them.

This message brought to you by your friends at,

Setec Astronomy LLC.

ramriot • October 4, 2013 2:42 PM

Comment parser redacted some of my post, repeating in full below:-

Definitely worth getting one.
Though back of T-Shirt should add, some of the following:-

-={ Trust YES, BUT Verify }=-

No hidden variables added by authority

Complexity is the enemy of security

Beware the Tyranny of the default

There are only 10 types of cryptographers in the world, And the reader of this T-shirt is neither of them.

This message brought to you by your friends at, Setec Astronomy LLC.

domb • October 4, 2013 2:47 PM

If you’re serious about the t-shirt idea, anyone can create a campaign on teespring. I’d definitely buy one if the person who creates the campaign would be willing to give %100 of his/her profits to EFF.

James C • October 4, 2013 3:08 PM

If there’s no campaign by tomorrow (the earliest I’d have time to set one up), I’d definitely set one up, profits to EFF and/or EPIC. I like the idea of a quote on the back, or something good from schneierfacts.com. What say you?

Bob Staudenmaier • October 4, 2013 3:18 PM

Really, Bruce!

M@ • October 4, 2013 3:23 PM

The Back should be The MAth: http://members.peak.org/~jeremy/rsa_algorithm.gif

Tim • October 4, 2013 3:33 PM

Shame for the Brit fans – should say maths, as in the shortening of mathematics

npx • October 4, 2013 3:37 PM

Does the number of dots in each character or Truth have any significance?

Jockular • October 4, 2013 3:38 PM

At LEAST, please adopt this artwork (trust the math) for this blog, instead of your curret “mug shot”. BTW, I’d buy a tee too.

Jethro • October 4, 2013 3:40 PM

Source: https://plus.google.com/100580194039914237814/posts/1MEixVZL38V

kingsnake • October 4, 2013 3:47 PM

Wouldn’t surprise me if the NSA had put a back door in e = mc2 …

BJ • October 4, 2013 4:04 PM

Anyone planning to do a t-shirt should download the VECTOR art, not the PNG.

If you don’t understand that, please find someone who does.

Nick P • October 4, 2013 4:04 PM

Nice. I’d add to it as follows:

Trust the Math, but Verify its Implementation

BJ • October 4, 2013 4:04 PM

Vector art is available at the ‘source’ url posted above: https://plus.google.com/100580194039914237814/posts/1MEixVZL38V

-sign • October 4, 2013 4:05 PM

@M@
ugh but not that RSA algorithm…can that really be trusted…we need the TwoFish or something…

@kingsnake
“Wouldn’t surprise me if the NSA had put a back door in e = mc2 …”

haha yea. Or maybe they will add one into these T-Shirts…

@Garfinkel
“fed stories like this to make it look like only mentally ill folks believe these”…I guess that qualifies as “backwards conspiracy”? (a conspiracy-theory version of backwards psychology)

Mark • October 4, 2013 4:14 PM

I don’t know how Randall would feel about it, but I think the $5 wrench xkcd would also be appropriate for the t-shirt back.

http://xkcd.com/538/

James C • October 4, 2013 4:23 PM

Could just put a picture of a door on the back of the shirt…

I’d be fine with some explanation of “the math”, or even a stylized bit of code that implements some crypto function (I don’t think discussion of possible back doors is really necessary, but perhaps an implementation of Dual_EC_DRBG should be ruled out), but I personally think a quote would better. Or a hash of a quote.

David Leppik • October 4, 2013 5:09 PM

I think it would be funny to have an open door on the back, with some Dual_EC_DRBG pseudocode behind it. But some people might not get the joke.

Curious • October 4, 2013 5:25 PM

As an artist, the image could use just a little bit of touch up. The scale of the image fits the original photo, however the ear on left side is partly missing and I think some rebellious strands of hair should be sticking out from the sides a bit to match the original photo. 😛

Doug • October 4, 2013 6:40 PM

Hey Bruce,

Any chance if getting a hi res version or the original photo? I like the shirt idea and would like to work on this. Thanks

Figureitout • October 4, 2013 8:53 PM

Bruce
–You could almost put Bob Ross in place of your face too lol. Then on the back, your face w/ the quote “Attacks only get better”.

thirtythreeforty • October 4, 2013 9:46 PM

Awesome! I want a shirt; it should definitely have RSA or a hashed quote on the back. And a link to schneier.com.

Now… Call me dumb but I can’t find the SVG art at the source link at all. (Then again, I’m pretty unfamiliar with G+.) Could someone explain where it is or provide a direct link?

wraithnix • October 5, 2013 12:10 AM

I would buy this shirt in a heartbeat.

William Lee • October 5, 2013 1:39 AM

Rather ironic that the creator(?) is using g+…

I’d buy the t-shirt for sure, if overseas shipping didn’t cost 3x the cost of the shirt…

chesteroni • October 5, 2013 2:10 AM

@David Leppik
Indeed, “some” people could not understand… 😀

@William Lee
I agree – S&H from outside of the US is far too costly, but I like the idea. The halo on the artwork resembles the Holy Mary 🙂

Cherry on top • October 5, 2013 4:23 AM

Larger size: https://lh5.googleusercontent.com/-oWd9HbPy6Sc/Uj9R6QJqC4I/AAAAAAAAAqs/tjPwBjNh4Dw/s2560/bruce.png

franc • October 5, 2013 8:00 AM

Mate, I’d buy 10 t-shirts.

princeton • October 5, 2013 9:52 AM

Trust the math is a farce. What math? Every time someone says this I cringe. Where is the math for AES or TwoFish that proves, for example, diffusion? If you trust the math then why do you rely almost entirely on the passage of time without evident breaks to establish the strength of an algorithm? Now THAT is snake oil.

maxCohen • October 5, 2013 10:02 AM

Found this odd:
http://cryptome.org/2013/10/nsa-link-removed.htm

princeton • October 5, 2013 10:17 AM

There are many good papers examining block ciphers from an algebraic standpoint and which also discuss analysis of results. But these are all studies of HOW THE CIPHERS WORK. They are not proofs of performance. One can show great details of how any machine is built, documentation of the materials selected and processes used to build the machine. But these are not proofs of how well the machine performs. In fact, a given machine design may not work at all! And yet, here are all the details of construction, etc.

Stop the presses!
Change “Trust the Math” to “Hope in the Reputation”.

Funny, but why were alternative ciphers, alternatives to AES, given equal credibility for so long (TrueCrypt let you pick) when the perceived strength of a cipher was only supposed to build over time after having undergone the rigorous tests and analysis and resisted attacks for so long? Alternatives to AES have not been tested a tiny fraction as much, so why even trust the alternatives AT ALL? This contradiction exposes something that is seriously wrong. The whole reputation thing is a lot of smoke and mirrors. And now they say “Trust the Math.” What a joke. Show me the math!

princeton • October 5, 2013 10:25 AM

Two HUGE paradigms under attack right now…

1) Don’t design and build crypto, ALWAYS use the same “approved” stuff as everyone else.

2) Source code made public is always better, stronger, because everyone reviews it and if there is anything wrong with it someone will find it.

What you don’t know CAN hurt you!

-sign • October 5, 2013 10:42 AM

@princeton
Source code made public is always better, stronger, because everyone reviews it

I agree with you that public sources are always better than closed, but…

…looking at the recent mistrust expressed about TrueCrypt here it looks like it is not very easy to review cryptographic software?

Nick P • October 5, 2013 11:28 AM

@ Mark

Solution = $5 Wrench > The Math

Haha

Dr. I. Needtob Athe • October 5, 2013 7:22 PM

“…looking at the recent mistrust expressed about TrueCrypt…”

I must have missed that. Could someone please post links?

November • October 6, 2013 2:15 AM

Front of Tee: Trust the Math
Back of Tee: except ECC

A. Student • October 6, 2013 5:36 AM

Ware the dreaded Chasm of Implementation that lies between the soaring Tower of Mathematics and the lowland Slough of Executing Code!

0-Day Cloting • October 6, 2013 7:04 AM

Hi!

We don’t mean to spam here but as Bruce suggested, we’ve added a couple of designs about the “Trust the Math” motto to 0-Day Clothing. Hope you guys like them:

Design Trust the Math

Design In Math We Trust

We have a full section on crypto. Maybe there is something not too ugly there.

Regards,

The 0-Day Clothing team.

Ramo • October 6, 2013 6:44 PM

@0-day Clothing: As suggested higher up, any thoughts on proceeds going to the EFF or similar?

Cheers

Ramo

Particular Random Guy • October 7, 2013 6:06 AM

@Nick P

Even the NSA cannot club all internet users at once.

dilbert • October 7, 2013 6:24 AM

Perhaps use this on the back (strictly for humor, or course)

http://xkcd.com/221/

int getRandNumber()
{
  return 4; // chosen by fair dice roll.
            // guaranteed to be random.
}

CallMeLateForSupper • October 7, 2013 8:53 AM

Regarding the t-shirt artwork, I would prefer more prominent text. After all, that is the message. And I agree that the theme should be continued on the back of the t-shirt. Just my 0.00009 Bitcoins. 🙂

I’m reminded of a t-shirt that was my favorite, a-way back in my misspent youth (read: college days): solid deep blue shirt; Maxwell’s equations in snow white characters. Those vector algebra equations usually elicited prolonged stares.

0-Day Clothing • October 7, 2013 2:32 PM

Ok, we’ve borrowed Andreas Wallberg’s design (Thank you Andreas!). T-shirts available here. Enjoy!

Nick P • October 7, 2013 4:18 PM

@ Particular random guy

“Even the NSA cannot club all internet users at once.”

Haha nicely put. Back when I promoted specific tech here, I often said I didn’t care if there were physical or esoteric (e.g. TEMPEST) attacks possible. My focus was eliminating “compromises from remote attackers.” That’s 99% of the problems. The others are harder and might force them to show their faces. So, yeah, better to be vulnerable to $5 wrenches rather than every technical attack people might want to throw at you. 😉

Wael • October 7, 2013 4:51 PM

@ Nick P,

better to be vulnerable to $5 wrenches

GI wrenches cost $500.00! Dontcha know?

Clive Robinson • October 7, 2013 5:33 PM

@ Nick P,

… beter to be vulnerable to $5 wrenches…

Actualy it’s better to make the wrench the “easy route” for an attacker and then have a good mitigation stratagie for that.

In physical security it is usually too expensive to put surveilance on all places to the level required for realy good defense. Thus you make an “easy/lazy route” and concentrate surveilance/defense there. It goes back to “The art of War” and knowing your enemy and picking your battle ground. It’s the same thinking behind “killing grounds” where you get the enemy in open ground and cut them down with unexpected cross fire from which they have no chance of escaping.

The trick is not to make the route to obvious or the attackers will smell a red herring and be suspicious and look for a harder route.

Clive Robinson • October 7, 2013 5:38 PM

@ Wael,

That 500 buck Gov Issue wrench…

Is that the plastic use once and throw away model made especialy for precision adjustment of the fuel filler cap on drones?

Wael • October 7, 2013 7:10 PM

@ Clive Robinson,

Is that the plastic use once and throw away model made especialy for precision adjustment of the fuel filler cap on drones?

Yup! The perfect product! From the same manufacturer. If you look at the features, you’ll see that they claim “Modest cost, long life (lol), low to zero maintenance”. What they don’t tell you is that you need to buy the “wrench” from them 🙂

cvolny • October 8, 2013 2:00 AM

And here I’ve been looking for a new UT-ACM shirt design. Comments/Suggestions?

https://plus.google.com/110112105687372144914/posts/HSS3y4pBMAd

zoli • October 8, 2013 4:41 PM

may I travel into USA in such a T-Shirt? 😎

smee • October 8, 2013 6:20 PM

@cvonly:

I like the design.

I saw a comment on your site suggesting to add Bruce’s name to the front of the shirt for those who don’t know who he is. I prefer the design without. It should be up to the individual wearer to educate those who ask.

kakaz • October 26, 2013 12:27 PM

Please take a look at this: http://golem.ph.utexas.edu/category/2013/10/who_ordered_that.html

This post starts with: “Prize for the most peculiar theorem of the year must surely go to my colleague Natalia Iyudu and her collaborator Stanislav Shkarin, who recently proved the following conjecture of Kontsevich.”

And ends with interesting comment: “Taking elementwise inverse is the only nonlinear operation in the block cipher AES” – maybe we have to not be so sure the math we know…

Andreas Wallberg • November 12, 2013 4:11 PM

Hi all!

Vector artist here. Glad you liked the design 🙂

I made a second one on Steve Gibson a while ago. You can find it over at my G+ account: https://plus.google.com/100580194039914237814/posts/Ka2CMn6P61t

Regards,
Andreas

Schneier on Security

"Trust the Math"

Comments

No hidden variables added by authority

Complexity is the enemy of security

Beware the Tyranny of the default

There are only 10 types of cryptographers in the world,

This message brought to you by your friends at,

No hidden variables added by authority

Complexity is the enemy of security

Beware the Tyranny of the default

There are only 10 types of cryptographers in the world, And the reader of this T-shirt is neither of them.

This message brought to you by your friends at, Setec Astronomy LLC.

Leave a comment Cancel reply