Bruce Schneier on Cryptography
Federico Biancuzzi, 2005-05-10
An interview with Bruce Schneier on some current trends in
cryptography.
Could you introduce yourself?
I'm a security technologist. My career has been a series of
generalizations. I started working in cryptography: mathematical
security. Then I realized that all the cryptography in the world
won't help if the computer is insecure, and all the computer security
won't help if the network is insecure. Since then, I have been
concentrating more on the social and economic aspects of security,
realizing that all the technology in the world won't help if those
aren't done right.
More on my background can be found on schneier.com
NSA licensed Certicom's EC patents for $25 million last year, and
recently announced the new US government standard for key agreement
and digital signatures, called Suite B. It uses Elliptic Curve
Diffie-Hellman (ECDH) and Elliptic Curve Menezes-Qu-Vanstone (ECMQV) for
key agreement, and Elliptic Curve Digital Signature Algorithm (ECDSA)
for signature generation/verification. Do you think that NSA is
promoting ECC-based crypto because they cannot crack the RSA/DSA-based
one?
I do not. I believe the NSA believes that ECC is strong. I wrote
about ECC here:
Although I wrote that in 1999, I am still skeptical about elliptic
curves.
Or maybe just because they can crack RSA/DSA they prefer to protect
US business with ECC (supposed to be harder to crack)?
With sufficient key lengths, all of this is uncrackable. I don't
believe that the NSA has any secret mathematics that they use to
break RSA/DSA or ECC.
Would a quantum computer do the job?
In theory, yes. In practice, we have no idea how to build one to do
it. Maybe in fifty years. Or twenty-five.
Some time ago you co-authored a paper on software monopoly risks.
What about crypto monopoly? Don't you think that having just a couple
of public-key algorithms based on the same math problem could lead to
a catastrophe if cracked?
The security advantages of a common cryptographic algorithm far
outweigh the disadvantages. I've written about that as well:
What would you do if you found a solution to the factorization
problem?
Any cryptographer, if they found something so significant as a
solution of the factorization, would publish their results. Such a
discovery would likely result in profound changes in how we view
number theory, and would be the mathematical discovery of the
decade...and maybe even more important.
Since most crypto protocols on the internet, such as SSL or SSH, use
public keys to build a secure channel, wouldn't an unexpected public
disclosure create chaos on the internet?
No. Chaos is hard to create, even on the Internet.
Here's an example. Go to Amazon.com. Buy a book without using SSL.
Watch the total lack of chaos.
In the security community there are various ways of thinking about
vulnerability disclosure (public, full, responsible, none). What
is the situation in the crypto community? What type of disclosure
process is there?
Most security professionals believe in full disclosure, and
cryptographers are no exception. The advancement of the science is
best served by the free exchange of ideas.
Why is a money-rewarded challenge often used to verify a crypto
algorithm?
Because it's free consulting work, and money is an attempt to add
some financial incentive. Most of the time it's a sham. While there
are some legitimate contests, most are just attempts to gain
publicity.
Recently some papers addressing hash functions were published, and
you suggested on your blog that it's time to get to work replacing
SHA. You wrote: "The NIST already has standards for longer -- and
harder to break -- hash functions: SHA-224, SHA-256, SHA-384, and
SHA-512. They're already government standards, and can already be used.
This is a good stopgap, but I'd like to see more." Why do you think
we need a new hash function?
There have been significant advances in the cryptanalysis of hash
functions since SHA was proposed, and there are significant advances
still to be had. A competition to choose a new standard is an
excellent way to stimulate research in this topic.
It seems that WiFi has the same problem as most (all?) protocols. Do
you think that the problem is that we can't develop a secure
protocol, or that people who define standards underestimate security
threats?
It's both. It is very hard for an experienced cryptographer to design
a secure protocol, and most Internet protocols are not designed by
experienced cryptographers. Most internet protocols are the result of
consensus, which is not how to design security.
Is crypto the only solution?
It depends on the problem.
I mean TCP/IP does not use crypto, while a VPN does. Do you think
that in the future we'll use crypto for every type of communication?
No. I think we'll use cryptography where it makes sense to use it.
Cryptography is certainly the primary security tool for digital
communications, so I expect it will be used in every type of
communications that requires some kind of security.
Should we use crypto to stop the spam problem?
Spam is not a problem that cryptography can solve. And I think we're
doing well solving the spam problem; it's one of computer security's
success stories. The current crop of anti-spam products and services
are great; I hardly get any spam.
Wireless is being used everywhere: mouse, keyboard, printers,
monitors, computers, rfid, and so on. In the near future we'll get
WUSB, a wireless replacement for USB too. Isn't this a dangerous path?
Wireless is definitely more dangerous than wired, because of the
possibility of surreptitious access. But wireless is easier, which is
why we're seeing more of it. Yes, it's a dangerous path.
What technology do you expect will replace the use of passwords?
Authentication can be something you know, something you have, or
something you are. Tokens and biometrics are a good addition to
passwords, and will be used more and more for security.
You taught us that "security is a process". Looking at the security
market, I see that most of the processes are developed to find and
block what is considered an attack. Wouldn't it be better to look for
what is known to be good, and block all the rest without analyzing
it?
Security professionals always like systems that fail closed: don't
allow things that are not explicitly permitted. Network
administrators -- people more concerned with things working smoothly --
prefer systems that fail open: allow everything except what's
explicitly forbidden. Systems that fail closed are always more
secure, but the price paid is convenience and ease of use.
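The fail-closed versus fail-open distinction above can be made concrete with a small policy evaluator. The following is an added example, not code from the interview or from Schneier: it implements both policies over a constructed set of network requests (hosts, ports and rule tables are all made up) and shows where they disagree, including what each does with malformed input that the rules cannot classify.

```python
"""Fail-closed (default deny) vs fail-open (default allow) policy evaluation.

Added illustration of the trade-off described in the interview; not code
from the page. Rule tables, hosts and sample requests are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Request:
    src: str              # source host label (constructed)
    port: int             # destination port
    proto: Optional[str]  # "tcp" / "udp"; None models a malformed record


# Constructed rule tables, keyed by (port, protocol).
ALLOWED = {(22, "tcp"), (443, "tcp"), (53, "udp")}      # fail-closed allowlist
FORBIDDEN = {(23, "tcp"), (445, "tcp"), (1900, "udp")}  # fail-open denylist


def fail_closed(req: Request) -> bool:
    """Permit only what is explicitly allowed.

    Anything the rules cannot classify, including a record that cannot
    even be parsed, is denied.
    """
    try:
        return (req.port, req.proto.lower()) in ALLOWED
    except AttributeError:  # proto is None: unclassifiable, so deny
        return False


def fail_open(req: Request) -> bool:
    """Permit everything except what is explicitly forbidden.

    If the record cannot be evaluated, no deny rule can match, so the
    traffic passes. This is the convenience-for-security trade the
    interview describes.
    """
    try:
        return (req.port, req.proto.lower()) not in FORBIDDEN
    except AttributeError:  # proto is None: the deny rule cannot fire
        return True


def disagreements(requests: List[Request]) -> List[Tuple[Request, bool, bool]]:
    """Return (request, fail_closed_verdict, fail_open_verdict) for every
    request the two policies decide differently."""
    out = []
    for r in requests:
        closed, opened = fail_closed(r), fail_open(r)
        if closed != opened:
            out.append((r, closed, opened))
    return out


# Constructed sample traffic.
SAMPLE = [
    Request("workstation-1", 443, "tcp"),   # listed as allowed
    Request("workstation-1", 23, "tcp"),    # listed as forbidden
    Request("build-server", 8080, "tcp"),   # in neither list: legitimate but unlisted
    Request("printer", 9100, "TCP"),        # case differs; still unlisted
    Request("unknown-device", 80, None),    # malformed record
]

if __name__ == "__main__":
    for req, closed, opened in disagreements(SAMPLE):
        print(f"{req.src}:{req.port}/{req.proto}  fail_closed={closed}  fail_open={opened}")
```

Running it lists the unlisted port 8080 and 9100 requests and the malformed record: the fail-closed policy blocks all three (the administrator's complaint), while the fail-open policy lets all three through, the malformed one included, which is the security cost.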
Would Palladium (trusted computing) really prevent a user with
physical access to the hardware from reaching his target?
Does a Digital Rights Management system for music files make sense
from a cryptographer's standpoint? Can anyone really share a file and
be sure that people will be able to use it only the way he likes?
Most of the biggest breakins in the past 5 years used X.25 networks
to attack systems of telcos, banks, governments, military forces, and
multinationals. Why do you think nobody talks anymore about X.25
security?
The Internet is what's interesting, so that's what gets the press.
There are still X.25 vulnerabilities, and attacks. But these days
everyone uses, and attacks, the Internet.
Some famous hackers that were caught such as Mitnick or Poulsen, now
work as security consultants for big companies in the US. This
doesn't happen in every part of the world. Especially in Europe there
is a different feeling about convicted hackers: they cannot be
trusted, because if they did once, it's probable they'll do it again.
Which approach do you consider wiser?
I think it's wise to hire honest, ethical, qualified, smart people,
and that people should be individually evaluated against those
criteria. It's wrong to pass judgement on an entire class of people
simply because they may have had a chequered past. I don't know the
recidivism rate of hackers, but I do know that many people grow up to
regret some of the things they did as adolescents. I have no problem
hiring people who used to be hackers.
What type of schools, courses, and certifications would you suggest
for a high school student interested in cryptography?
I wrote an essay about this: "So, You Want to be a Cryptographer".
Are you currently writing a new book?
Right now I'm not, but I'm sure I will be before long.
---
* Origin: [adminz] tech, security, support (192:168/0.2)
generated by msg2page 0.06 on Jul 21, 2006 at 19:03:50