Entries Tagged "Schneier news"
Schneier on 60 Minutes
I’ll be on 60 Minutes this Sunday. I honestly don’t know how it will look; it wasn’t my best interview.
EDITED TO ADD (12/23): Here’s the segment.
Influential Security Professionals
I have been named as one of the 25 most influential people in the security industry.
Another Schneier on Security Book Review
Another book review. Remember, you can order your signed copies here. They make great Christmas presents.
Protecting Yourself from Hotel Terrorism
I stand by what I said:
Also, my personal security guru, Bruce Schneier, says it’s foolish even to worry about hotel safety, because the chances of something happening on any particular night in any particular hotel are vanishingly small. The taxi ride to the hotel is invariably more dangerous than the hotel itself.
But if you tend to stay in targeted hotels, the advice is pretty good.
Skein and SHA-3 News
There are two bugs in the Skein code. They are subtle and esoteric, but they’re there. We have revised both the reference and optimized code—and provided new test vectors—on the Skein website. A revision of the paper—Version 1.1—has new IVs, new test vectors, and also fixes a few typos in the paper.
Errata: Version 1.1 of the paper, reference, and optimized code corrects an error in which the length of the configuration string was passed in as the size of the internal block (256 bits for Skein-256, 512 for Skein-512, and 1024 for Skein-1024), instead of a constant 256 bits for all three sizes. This error has no cryptographic significance, but affected the test vectors and the initialization values. The revised code also fixes a bug in the MAC mode key processing. This bug does not affect the NIST submission in any way.
NIST has received 64 submissions. (This article interviews one of the submitters, who is fifteen.) Of those, 28 are public and six have been broken. NIST is going through the submissions right now, making sure they are complete and proper. Their goal is to publish the accepted submissions by the end of the month, in advance of the Third Cryptographic Hash Workshop to be held in Belgium right after FSE in February. They expect to quickly make a first cut of algorithms—hopefully to about a dozen—and then give the community about a year of cryptanalysis before making a second cut in 2010.
Lastly, this is a really nice article on Skein.
These submissions make some accommodation to the Core 2 processor. They operate in “little-endian” mode (a quirk of the Intel-like processors that reads some bytes in reverse order). They also allow a large file to be broken into chunks to split the work across multiple processors.
However, virtually all of the contest submissions share the performance problem mentioned above. The logic they use won’t optimally fit within the constraints of an Intel Core 2 processor. Most will perform as bad or worse than the existing SHA-1 algorithm.
One exception to this is Skein, created by several well-known cryptographers and noted pundit Bruce Schneier. It was designed specifically to exploit all three of the Core 2 execution units and to run at a full 64-bits. This gives it roughly four to 10 times the logic density of competing submissions.
This is what I meant by the Matrix quote above. They didn’t bend the spoon; they bent the crypto algorithm. They moved the logic operations around in a way that wouldn’t weaken the crypto, but would strengthen its speed on the Intel Core 2.
In their paper (PDF), the authors of Skein express surprise that a custom silicon ASIC implementation is not any faster than the software implementation. They shouldn’t be surprised. Every time you can redefine a problem to run optimally in software, you will reach the same speeds you get with optimized ASIC hardware. The reason software has a reputation of being slow is because people don’t redefine the original problem.
That’s exactly what we were trying to do.
EDITED TO ADD (11/20): I wrote an essay for Wired.com on the process.
Schneier for TSA Administrator
It’s been suggested. For the record, I don’t want the job.
Since the election, the newspapers and Internet have been flooded with unsolicited advice for President-elect Barack Obama. I’ll go ahead and add mine.
[…]
And by “revamp,” I mean “start over.” Most security experts agree that the rigmarole we go through at the airport is mere security theater, designed not to make us safer, but to make us feel safer by making it increasingly inconvenient to fly. TSA’s approach to security is too reactionary—too set on preventing attacks and attempted attacks that have already happened. And please, whatever you do, resist the temptation to let TSA workers unionize. Security from terror attacks should not be a federal jobs program. You need the authority to fire underperforming screeners quickly and effortlessly. Three game-changing possibilities to head up TSA: security guru Bruce Schneier, Cato Institute security and technology scholar Jim Harper, or Ohio State University’s John Mueller.
Although I’d be happy to see either Jim or John with it.
I don’t want it because it’s too narrow. I think the right thing for the government to do is to give the TSA a lot less money. I’d rather they defend against the broad threat of terrorism than focus on the narrow threat of airplane terrorism, and I’d rather they defend against the myriad of threats that face our society than focus on the singular threat of terrorism. But the head of the TSA can’t have those opinions; he has to take the money he’s given and perform the specific function he’s assigned to perform. Not very much fun, really.
But I’d be happy to advise whoever Obama chooses to head the TSA.
The job of the nation’s CTO would be more interesting, but I don’t think I want it, either. (Have you seen the screening process?)
Datamation Interview
Interview with me from Datamation.
Me on Passwords
My Guardian article also appeared in The Hindu. Nothing I haven’t said before.
Censorship in Dubai
I was in Dubai last weekend for the World Economic Forum Summit on the Global Agenda. (I was on the “Future of the Internet” council; fellow council members Ethan Zuckerman and Jeff Jarvis have written about the event.)
As part of the United Arab Emirates, Dubai censors the Internet:
The government of the United Arab Emirates (UAE) pervasively filters Web sites that contain pornography or relate to alcohol and drug use, gay and lesbian issues, or online dating or gambling. Web-based applications and religious and political sites are also filtered, though less extensively. Additionally, legal controls limit free expression and behavior, restricting political discourse and dissent online.
More detail here.
What was interesting to me was how reasonable the execution of the policy was. Unlike some countries—China for example—that simply block objectionable content, the UAE displays a screen indicating that the URL has been blocked and offers information about its appeals process.