Security in the Real World: How to Evaluate Security

  • Bruce Schneier
  • Computer Security Journal
  • 1999

The following remarks are excerpted from a general session presentation delivered at CSI’s NetSec Conference in St. Louis, MO, on June 15th, 1999.

At Counterpane Systems, we evaluate security products and systems for a living. We do a lot of breaking of things for manufacturers and other clients. Over the years, I’ve built a body of lore about the ways things tend to fail. I want to share my “top 20 list” of what’s wrong with security products these days.

Cryptography is a really neat technology, because it allows us to take existing business and social constructs from the real world and move them into the world of computer networks. This is actually the big idea of cryptography. It doesn’t do anything new, it doesn’t do anything magical…
