Security in the Real World: How to Evaluate Security
Computer Security Journal, v 15, n 4, 1999, pp. 1-14
The article contains excerpts from a general session presentation delivered at CSI's NetSec Conference in St. Louis, MO, on June 15th, 1999.
SUMMARY: Cryptography has the potential of transforming the Internet, or any network, from an academic toy into a real business tool. It does so by allowing us to do real business -- for example, signing and enforcing contracts or doing e-commerce. Unfortunately, most of the products out there aren't very good. They have problems, they're broken. Most cryptography in these products doesn't perform as advertised. The article discusses why this happens, what you should watch out for, and what can be done to change the situation.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.