Security in the Real World: How to Evaluate Security

B. Schneier

Computer Security Journal, v 15, n 4, 1999, pp. 1-14

The article contains excerpts from a general session presentation delivered at CSI's NetSec Conference in St. Louis, MO, on June 15th, 1999.

SUMMARY: Cryptography has the potential to transform the Internet, or any network, from an academic toy into a real business tool. It does so by allowing us to do real business -- for example, signing and enforcing contracts or doing e-commerce. Unfortunately, most of the products out there aren't very good. They have problems; they're broken. Most cryptography in these products doesn't perform as advertised. The article discusses why this happens, what you should watch out for, and what can be done to change the situation.
