Schneier on Security

Cryptography is often treated as if it were magic security dust: “sprinkle some on your system, and it is secure; then, you’re secure as long as the key length is large enough—112 bits, 128 bits, 256 bits” (I’ve even seen companies boast of 16,000 bits.) “Sure, there are always new developments in cryptanalysis, but we’ve never seen an operationally useful cryptanalytic attack against a standard algorithm. Even the analyses of DES aren’t any better than brute force in most operational situations. As long as you use a conservative published algorithm, you’re secure.”…

1999 is a pivotal year for malicious software ( malware) such as viruses, worms, and Trojan horses. Although the problem is not new, Internet growth and weak system security have evidently increased the risks.

Viruses and worms survive by moving from computer to computer. Prior to the Internet, computers (and viruses!) communicated relatively slowly, mostly through floppy disks and bulletin boards. Antivirus programs were initially fairly effective at blocking known types of malware entering personal computers, especially when there were only a handful of viruses. But now there are over 10,000 virus types; with e-mail and Internet connectivity, the opportunities and speed of propagation have increased dramatically…

Biometrics are seductive. Your voiceprint unlocks the door of your house. Your iris scan lets you into the corporate offices. You are your own key. Unfortunately, the reality isn’t that simple.

Biometrics are the oldest form of identification. Dogs have distinctive barks. Cats spray. Humans recognize faces. On the telephone, your voice identifies you. Your signature identifies you as the person who signed a contract.

In order to be useful, biometrics must be stored in a database. Alice’s voice biometric works only if you recognize her voice; it won’t help if she is a stranger. You can verify a signature only if you recognize it. To solve this problem, banks keep signature cards. Alice signs her name on a card when she opens the account, and the bank can verify Alice’s signature against the stored signature to ensure that the check was signed by Alice…

French translation

From e-mail to cellular communications, from secure Web access to digital cash, cryptography is an essential part of today’s information systems. Cryptography helps provide accountability, fairness, accuracy, and confidentiality. It can prevent fraud in electronic commerce and assure the validity of financial transactions. It can protect your anonymity or prove your identity. It can keep vandals from altering your Web page and prevent industrial competitors from reading your confidential documents. And in the future, as commerce and communications continue to move to computer networks, cryptography will become more and more vital…