News Tagged "RISKS Digest"

REVIEW: Bruce Schneier, Liars and Outliers: …

  • Rob Slade
  • RISKS Digest
  • February 20, 2012

Chapter one is what would ordinarily constitute an introduction or preface to the book. Schneier states that the book is about trust: the trust that we need to operate as a society. In these terms, trust is the confidence we can have that other people will reliably behave in certain ways, and not in others. In any group, there is a desire to have people cooperate and act in the interest of all the members of the group. In all individuals, there is a possibility that they will defect and act against the interests of the group, either for their own competing interest, or simply in opposition to the group. (The author notes that defection is not always negative: positive social change is generally driven by defectors.) Actually, the text may be more about social engineering, because Schneier does a very comprehensive job of exploring how confident we can be about trust, and the ways we can increase (and sometimes inadvertently decrease) that reliability…

REVIEW: Beyond Fear, Bruce Schneier

  • Rob Slade
  • RISKS Digest
  • May 25, 2004

It is instructive to view this book in light of another recent publication. Marcus Ranum, in “The Myth of Homeland Security” (cf. BKMYHLSC.RVW) [See Rob’s review in RISKS-23.02 and Marcus’s response in RISKS-23.14. PGN] complains that the DHS (Department of Homeland Security) is making mistakes, but provides only tentative and unlikely solutions. Schneier shows how security should work, and does work, presenting basic concepts in lay terms with crystal clarity. Schneier does not tell you how to prepare a security system as such, but does illustrate what goes on in the decision-making process…

REVIEW: Practical Cryptography, Bruce Schneier/Niels Ferguson

  • Rob Slade
  • RISKS Digest
  • November 17, 2003

The preface points out that cryptography has done more harm than good in terms of securing information systems, not because cryptography fails in and of itself, but, rather, due to the improper use or implementation of the technology. This book is intended to provide concrete advice to those designing and implementing cryptographic systems. As such, it is not the usual introduction to cryptography, and is aimed at a fairly limited group.

Chapter one asserts that we should be engineering for security, rather than speed or bells and whistles. Security is only as strong as the weakest link, we are told in chapter two, and (following from the idea of defence in depth) we need to have engineering in depth (and probably breadth, as well). The issues are important, but there is some lack of clarity to the organization and flow of the text and arguments: the reader may start to wonder what the essence of the message is. (I see that I should have trademarked “professional paranoia” when I started using it years ago, but it is nice to note that the point is being taken.) Chapter three is a rather unusual “Introduction to Cryptography” (and the mathematical format of the text doesn’t make it easier for the math-phobic to concentrate on the meaning), but focussing on the applications and problems, the cryptanalytic attacks, and repeating the injunctions against complexity and the sacrifice of security for performance is a reasonable position…

REVIEW: Bruce Schneier, Secrets and Lies: Digital Security in a Networked World

  • Rob Slade
  • RISKS Digest
  • July 30, 2001

Secrets and Lies has generated a great deal of interest in the security community this year. Much of this interest probably stems from the simple fact that it isn’t every day (or every year) that you get a general security book, written for the non-specialist, produced by a major name in the field. But one point seems to have been glossed over in the praise for this work. Schneier’s writing is lively, entertaining, and even playful throughout the entire book. Not only is this volume a realistic and useful view of the security enterprise, but it’s a lot of fun…

E-Mail Security by Schneier

  • Rob Slade
  • RISKS Digest
  • February 24, 1995

This is the third work that I have seen on the PGP (Pretty Good Privacy) text encryption and authentication system. (I understand that at least two more are in the works.) It is also the first to truly present the general concept of email security by covering the only other realistic option–the Internet Privacy Enhanced Mail (PEM) standard and (Mark) Riordan’s Internet Privacy Enhanced Mail (RIPEM) implementation. The book divides roughly into quarters discussing background, practical use, the PGP documentation, and the PEM RFCs.

The work is considerably different, in style, to the Stallings (…

Applied Cryptography by Schneier

  • Rob Slade
  • RISKS Digest
  • December 6, 1994

For anyone who wants to study cryptography, you can save yourself a lot of time and effort by getting Schneier’s book. From the simple Caesar cipher to RSA and beyond, there is nothing the book doesn’t at least touch on. Protocols, techniques, algorithms, and even source code are included. A “Real World” section looks both at specific implementations and at the politics of encryption.

Schneier notes that his work is *not* a mathematical text. It is difficult to say how much of a shortcoming this is for any given reader, but a safe bet is “not much”. For those who do need more rigorous treatments of specific topics, the bibliography lists almost a thousand references, all of which are described and cited within the book text at some point…