Comments

Herman October 4, 2013 2:30 PM

One of my uncles remarked:

Long ago, we were young and pretty.

Now, we are just pretty…

ramriot October 4, 2013 2:40 PM

Definitely worth getting one.

Though back of T-Shirt should add, some of the following:-

-=<Trust, YES - BUT Verify>=-

No hidden variables added by authority

Complexity is the enemy of security

Beware the Tyranny of the default

There are only 10 types of cryptographers in the world,

And the reader of this T-shirt is neither of them.

This message brought to you by your friends at,

Setec Astronomy LLC.

ramriot October 4, 2013 2:42 PM

Comment parser redacted some of my post, repeating in full below:-

Definitely worth getting one.
Though back of T-Shirt should add, some of the following:-

-={ Trust YES, BUT Verify }=-

No hidden variables added by authority

Complexity is the enemy of security

Beware the Tyranny of the default

There are only 10 types of cryptographers in the world, And the reader of this T-shirt is neither of them.

This message brought to you by your friends at, Setec Astronomy LLC.

domb October 4, 2013 2:47 PM

If you’re serious about the t-shirt idea, anyone can create a campaign on teespring. I’d definitely buy one if the person who creates the campaign would be willing to give 100% of his/her profits to EFF.

James C October 4, 2013 3:08 PM

If there’s no campaign by tomorrow (the earliest I’d have time to set one up), I’d definitely set one up, profits to EFF and/or EPIC. I like the idea of a quote on the back, or something good from schneierfacts.com. What say you?

Jockular October 4, 2013 3:38 PM

At LEAST, please adopt this artwork (trust the math) for this blog, instead of your current “mug shot”. BTW, I’d buy a tee too.

BJ October 4, 2013 4:04 PM

Anyone planning to do a t-shirt should download the VECTOR art, not the PNG.

If you don’t understand that, please find someone who does.

-sign October 4, 2013 4:05 PM

@M@
ugh but not that RSA algorithm…can that really be trusted…we need the TwoFish or something…

@kingsnake
“Wouldn’t surprise me if the NSA had put a back door in e = mc2 …”

haha yea. Or maybe they will add one into these T-Shirts…

@Garfinkel
“fed stories like this to make it look like only mentally ill folks believe these”…I guess that qualifies as “backwards conspiracy”? (a conspiracy-theory version of backwards psychology)

James C October 4, 2013 4:23 PM

Could just put a picture of a door on the back of the shirt…

I’d be fine with some explanation of “the math”, or even a stylized bit of code that implements some crypto function (I don’t think discussion of possible back doors is really necessary, but perhaps an implementation of Dual_EC_DRBG should be ruled out), but I personally think a quote would be better. Or a hash of a quote.

David Leppik October 4, 2013 5:09 PM

I think it would be funny to have an open door on the back, with some Dual_EC_DRBG pseudocode behind it. But some people might not get the joke.

Curious October 4, 2013 5:25 PM

As an artist, the image could use just a little bit of touch up. The scale of the image fits the original photo, however the ear on left side is partly missing and I think some rebellious strands of hair should be sticking out from the sides a bit to match the original photo. 😛

Doug October 4, 2013 6:40 PM

Hey Bruce,

Any chance of getting a hi-res version or the original photo? I like the shirt idea and would like to work on this. Thanks

Figureitout October 4, 2013 8:53 PM

Bruce
–You could almost put Bob Ross in place of your face too lol. Then on the back, your face w/ the quote “Attacks only get better”.

thirtythreeforty October 4, 2013 9:46 PM

Awesome! I want a shirt; it should definitely have RSA or a hashed quote on the back. And a link to schneier.com.

Now… Call me dumb but I can’t find the SVG art at the source link at all. (Then again, I’m pretty unfamiliar with G+.) Could someone explain where it is or provide a direct link?

William Lee October 5, 2013 1:39 AM

Rather ironic that the creator(?) is using g+…

I’d buy the t-shirt for sure, if overseas shipping didn’t cost 3x the cost of the shirt…

chesteroni October 5, 2013 2:10 AM

@David Leppik
Indeed, “some” people could not understand… 😀

@William Lee
I agree – S&H from outside of the US is far too costly, but I like the idea. The halo on the artwork resembles the Holy Mary 🙂

princeton October 5, 2013 9:52 AM

Trust the math is a farce. What math? Every time someone says this I cringe. Where is the math for AES or TwoFish that proves, for example, diffusion? If you trust the math then why do you rely almost entirely on the passage of time without evident breaks to establish the strength of an algorithm? Now THAT is snake oil.

princeton October 5, 2013 10:17 AM

There are many good papers examining block ciphers from an algebraic standpoint and which also discuss analysis of results. But these are all studies of HOW THE CIPHERS WORK. They are not proofs of performance. One can show great details of how any machine is built, documentation of the materials selected and processes used to build the machine. But these are not proofs of how well the machine performs. In fact, a given machine design may not work at all! And yet, here are all the details of construction, etc.

Stop the presses!
Change “Trust the Math” to “Hope in the Reputation”.

Funny, but why were alternative ciphers, alternatives to AES, given equal credibility for so long (TrueCrypt let you pick) when the perceived strength of a cipher was only supposed to build over time after having undergone the rigorous tests and analysis and resisted attacks for so long? Alternatives to AES have not been tested a tiny fraction as much, so why even trust the alternatives AT ALL? This contradiction exposes something that is seriously wrong. The whole reputation thing is a lot of smoke and mirrors. And now they say “Trust the Math.” What a joke. Show me the math!

princeton October 5, 2013 10:25 AM

Two HUGE paradigms under attack right now…

1) Don’t design and build crypto, ALWAYS use the same “approved” stuff as everyone else.

2) Source code made public is always better, stronger, because everyone reviews it and if there is anything wrong with it someone will find it.

What you don’t know CAN hurt you!

-sign October 5, 2013 10:42 AM

@princeton
Source code made public is always better, stronger, because everyone reviews it

I agree with you that public sources are always better than closed, but…

…looking at the recent mistrust expressed about TrueCrypt here it looks like it is not very easy to review cryptographic software?

Dr. I. Needtob Athe October 5, 2013 7:22 PM

“…looking at the recent mistrust expressed about TrueCrypt…”

I must have missed that. Could someone please post links?

A. Student October 6, 2013 5:36 AM

Ware the dreaded Chasm of Implementation that lies between the soaring Tower of Mathematics and the lowland Slough of Executing Code!

Ramo October 6, 2013 6:44 PM

@0-day Clothing: As suggested higher up, any thoughts on proceeds going to the EFF or similar?

Cheers

Ramo

CallMeLateForSupper October 7, 2013 8:53 AM

Regarding the t-shirt artwork, I would prefer more prominent text. After all, that is the message. And I agree that the theme should be continued on the back of the t-shirt. Just my 0.00009 Bitcoins. 🙂

I’m reminded of a t-shirt that was my favorite, a-way back in my misspent youth (read: college days): solid deep blue shirt; Maxwell’s equations in snow white characters. Those vector algebra equations usually elicited prolonged stares.

Nick P October 7, 2013 4:18 PM

@ Particular random guy

“Even the NSA cannot club all internet users at once.”

Haha nicely put. Back when I promoted specific tech here, I often said I didn’t care if there were physical or esoteric (e.g. TEMPEST) attacks possible. My focus was eliminating “compromises from remote attackers.” That’s 99% of the problems. The others are harder and might force them to show their faces. So, yeah, better to be vulnerable to $5 wrenches rather than every technical attack people might want to throw at you. 😉

Clive Robinson October 7, 2013 5:33 PM

@ Nick P,

    … better to be vulnerable to $5 wrenches…

Actually it’s better to make the wrench the “easy route” for an attacker and then have a good mitigation strategy for that.

In physical security it is usually too expensive to put surveillance on all places to the level required for really good defense. Thus you make an “easy/lazy route” and concentrate surveillance/defense there. It goes back to “The art of War” and knowing your enemy and picking your battle ground. It’s the same thinking behind “killing grounds” where you get the enemy in open ground and cut them down with unexpected cross fire from which they have no chance of escaping.

The trick is not to make the route too obvious or the attackers will smell a red herring and be suspicious and look for a harder route.

Clive Robinson October 7, 2013 5:38 PM

@ Wael,

That 500 buck Gov Issue wrench…

Is that the plastic use once and throw away model made especially for precision adjustment of the fuel filler cap on drones?

Wael October 7, 2013 7:10 PM

@ Clive Robinson,

Is that the plastic use once and throw away model made especially for precision adjustment of the fuel filler cap on drones?

Yup! The perfect product! From the same manufacturer. If you look at the features, you’ll see that they claim “Modest cost, long life (lol), low to zero maintenance”. What they don’t tell you is that you need to buy the “wrench” from them 🙂

smee October 8, 2013 6:20 PM

@cvonly:

I like the design.

I saw a comment on your site suggesting to add Bruce’s name to the front of the shirt for those who don’t know who he is. I prefer the design without. It should be up to the individual wearer to educate those who ask.

kakaz October 26, 2013 12:27 PM

Please take a look at this: http://golem.ph.utexas.edu/category/2013/10/who_ordered_that.html

This post starts with: “Prize for the most peculiar theorem of the year must surely go to my colleague Natalia Iyudu and her collaborator Stanislav Shkarin, who recently proved the following conjecture of Kontsevich.”

And ends with an interesting comment: “Taking elementwise inverse is the only nonlinear operation in the block cipher AES” – maybe we have to not be so sure of the math we know…
