News in the Category "Articles"
Strong Cryptography Can't Protect a Weak System
Despite oven-hot July heat, a recent trip to Las Vegas to hear Bruce Schneier speak to IT security pros and customers at the second annual Black Hat Briefings (www.blackhat.com) was well worthwhile.
In remarks titled “A Hacker Looks at Cryptography,” Schneier punctured the hype that often surrounds his own area of expertise. You might not expect to hear Schneier, author of the widely praised book “Applied Cryptography,” reminding an audience of a comment that’s often quoted, but that neither of the suspected sources will admit to having made: “If you think cryptography can solve your problem, then you don’t understand your problem and you don’t understand cryptography.”…
Twofish Heads to Washington
A team led by Applied Cryptography author Bruce Schneier has invented a new block encryption algorithm and submitted it for consideration as the next new federal government standard for data scrambling.
Twofish, the sequel to Schneier’s 5-year-old Blowfish block cypher, was submitted last week to the National Institute of Standards and Technology (NIST) for consideration as the Advanced Encryption Standard.
Twofish is designed to be flexible with respect to the necessary performance tradeoffs between the creation of a “secret key” and execution of the actual encryption. As such, it is well suited to large microprocessors, smart cards, and dedicated hardware…
Firm Finds Big Security Holes in Windows NT
Flaws in Microsoft Corp.’s Windows NT software threaten the security of companies using the Internet to tie together their far-flung corporate locations, a computer security consulting firm declared on Monday. “We were able to sniff passwords, eavesdrop on the networks, and passively do traffic analysis,” said Bruce Schneier, president of Counterpane Systems Inc., of Minneapolis, Minn. “Any Microsoft NT server on the Internet is insecure.”
Counterpane discovered the problems while doing a security analysis on Windows NT, an operating system used by a swiftly growing number of corporations as the foundation for their computer networks. Microsoft confirmed the security problems later the same day…
Cryptographer Slams NT Security
A top cryptographer said Microsoft’s version of a key protocol in Windows NT is so flawed that users should avoid using virtual private network software based on Microsoft’s Point to Point Tunneling Protocol.
Bruce Schneier, a noted cryptographer, said the PPTP in Windows NT 4.0 is so broken it can’t be fixed with patches—a position that Microsoft disputes.
“I believe it’s fundamentally broken,” said Schneier, who authored a widely used cryptography textbook. “What we’re seeing is the basic problem of proprietary security standards. These are really dumb mistakes, kindergarten crypto.”…
Windows NT Security Under Fire
Listen to security expert and consultant Bruce Schneier and he’ll tell you that Windows NT’s security mechanism for running virtual private networks is so weak as to be unusable. Microsoft counters that the issues Schneier points out have mostly been addressed by software updates or are too theoretical to be of major concern.
Schneier, who runs a security consulting firm in Minneapolis, says his in-depth "cryptanalysis" of Microsoft’s implementation of the Point-to-Point Tunneling Protocol (PPTP) reveals fundamentally flawed security techniques that dramatically compromise the security of company information…
Crypto Flaw Found in Microsoft Net Product
MINNEAPOLIS—A computer security expert will announce today that he has found a flaw in Microsoft Corp.’s implementation of a communications protocol used in many virtual private networks.
Bruce Schneier, president of Counterpane Systems here, said Microsoft’s implementation of the point-to-point-tunneling protocol will lead to compromised passwords, disclosure of private information and server breakdowns in virtual private networks running under Windows NT and 95.
"Microsoft’s implementation is seriously flawed on several levels," said Schneier. "It uses weak authentication and poor encryption." For example, he said Microsoft employed users’ passwords as an encryption key instead of using other well-known and more secure alternatives…
Keeping Secrets in the Digital Age
Used with permission
As the world goes digital, encryption standards become more important.
Even those who don’t use the Internet are affected by security in the online age—everything from bank account and medical information to credit card numbers and transactions requires some form of coding to protect it from prying eyes.
Yet all is not well—with each new standard come crackers to break it. And, at the other end, governments—particularly that of the United States—are trying their darndest to ensure that encryption technology doesn’t get too powerful. After all, they reason, if encoding techniques become too good, crooks can use them to subvert society…
Common Sense Crypto
When Thomas Paine published Common Sense in 1776 – arguing that the American cause was not merely a revolt against unfair taxation, but a demand for independence – he had no idea that more than 200 years later, the struggle for freedom would be waged between privacy advocates and the national-security establishment. This time, the dispute is over not taxation without representation, but communication without government intervention.
One of today’s crypto revolutionaries is Bruce Schneier, the neatly dressed, ponytailed author of Applied Cryptography…
Cellular Can Be Cracked
A few minutes’ work on a computer can break the codes that are supposed to protect new digital cellular phone technology from eavesdroppers, a team of researchers said Thursday. The cellular phone industry claimed the impact on users would be “virtually none,” since engineers were working to strengthen the encryption and since a separate code that scrambles voices was not broken.
The Cellular Telecommunications Industry Association also denied that its codes could be broken so easily.
"It involves very sophisticated knowledge," an association statement said. "The announced attack requires multiple minutes—up to hours—of high speed computer processing to break the coded message."…
WirelessNOW Exclusive—Extra Edition
used with permission
In 1992, the wireless industry adopted an encryption system that was deliberately made less secure than what knowledgeable experts recommended at the time. It was accepted by the industry because it was a standard that would meet federal export regulations and would enable digital cell phone manufacturers to make one phone that could be sold in either the US or abroad, thus saving money.
As a result, the potential for eavesdropping has always existed and, some say, has been waiting for criminals with advanced techniques to…
Sidebar photo of Bruce Schneier by Joe MacInnis.