Bruce Schneier
Bruce Schneier (born January 15, 1963) is an American cryptographer, computer security specialist, and writer.
Cryptography
- Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.
- Schneier, Bruce (1998-10-15). Memo to the Amateur Cipher Designer. Cryptogram newsletter. (aka Schneier's Law)
- There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.
- Bruce Schneier (1996). "Applied Cryptography 2nd edition Source Code in C". John Wiley & Sons.
- Attacks always get better, they never get worse.
- Schneier, Bruce (2009-07-01). New Attack on AES. Cryptogram newsletter.
- The lesson here is that it is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics. Encryption is too important to be left solely to governments.
- Bruce Schneier (1996). "Applied Cryptography 2nd edition Source Code in C". John Wiley & Sons.
- A few years ago I heard a quotation, and I am going to modify it here: If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.
- preface to 2015 edition of Secrets and Lies
- It's certainly easier to implement bad security and make it illegal for anyone to notice than it is to implement good security.
- Secrets and Lies: Digital Security in a Networked World - Bruce Schneier
Digital Rights Management
- Digital files cannot be made uncopyable, any more than water can be made not wet.
- Schneier, Bruce (2001-05-15). The Futility of Digital Copy Prevention. Cryptogram newsletter. Retrieved on 2006-09-08.
- Every time I write about the impossibility of effectively protecting digital files on a general-purpose computer, I get responses from people decrying the death of copyright. "How will authors and artists get paid for their work?" they ask me. Truth be told, I don't know. I feel rather like the physicist who just explained relativity to a group of would-be interstellar travelers, only to be asked: "How do you expect us to get to the stars, then?" I'm sorry, but I don't know that, either.
- Schneier, Bruce (2001-08-15). Protecting Copyright in the Digital World. Cryptogram newsletter. Retrieved on 2016-05-02.
- Against the average user, anything works; there's no need for complex security software. Against the skilled attacker, on the other hand, nothing works.
- Schneier, Bruce (2001-08). The Fallacy of Trusted Client Software. Cryptogram newsletter. Retrieved on 2018-08-12.
Elections
- Elections serve two purposes. The first, and obvious, purpose is to accurately choose the winner. But the second is equally important: to convince the loser.
- Schneier, Bruce (2018-04-18). American Elections Are Too Easy to Hack. We Must Take Action Now. The Guardian. Retrieved on 2018-08-12.
Politics and societal issues of the digital age
- It is poor civic hygiene to install technologies that could someday facilitate a police state.
- Secrets and Lies (2000), p. 53
- I mean, the computer industry promises nothing. Did you ever read a shrink-wrapped license agreement? You should read one. It basically says, if this product deliberately kills your children, and we knew it would, and we decided not to tell you because it might harm sales, we're not liable. I mean, it says stuff like that. They're absurd documents. You have no rights.
- "Your computer is not secure". Hartford Advocate. 2006-04-27.
- Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four.
- Schneier, Bruce (2005-12-16). Computer Crime Hype. Schneier on Security blog. Retrieved on 2006-09-08.
- Chaos is hard to create, even on the Internet. Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.
- Biancuzzi, Federico (2005-05-10). Bruce Schneier on Cryptography. SecurityFocus. Retrieved on 2006-09-08.
- When my mother gets a prompt 'Do you want to download this?' she's going to say yes. It's disingenuous for Microsoft to give you all of these tools [in Internet Explorer] with which to hang yourself, and when you do, then say it's your fault.
- Stross, Randall (2004-12-03). "Digital Domain: The Fox Is in Microsoft's Henhouse (and Salivating)". The New York Times. p. section 3, page 5.
Human perception of reality, risk and terrorism
- More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk.
- Schneier, Bruce. Interview with Doug Kaye. "IT Conversations: Bruce Schneier." 2004-04-16.
- The very definition of news is something that hardly ever happens. If an incident is in the news, we shouldn't worry about it. It's when something is so common that it's no longer news – car crashes, domestic violence – that we should worry.
- Schneier, Bruce (2008-09-04). "A fetishistic approach to security is a perverse way to keep us safe". The Guardian. Retrieved on 2012-08-01.
- … if anyone thinks they can get an accurate picture of anyplace on the planet by reading news reports, they're sadly mistaken.
- Schneier, Bruce (2005-05-15). Should Terrorism be Reported in the News?. Cryptogram newsletter. Retrieved on 2006-09-08.
- We can't keep weapons out of prisons; we can't possibly expect to keep them out of airports.
- Schneier, Bruce (2005-05-15). Prison Shivs. Cryptogram newsletter. Retrieved on 2009-12-27.
- The point of terrorism is to cause terror, sometimes to further a political goal and sometimes out of sheer hatred. The people terrorists kill are not the targets; they are collateral damage. And blowing up planes, trains, markets or buses is not the goal; those are just tactics.
The real targets of terrorism are the rest of us: the billions of us who are not killed but are terrorized because of the killing. The real point of terrorism is not the act itself, but our reaction to the act.
And we're doing exactly what the terrorists want.
- Schneier, Bruce (2006-08-24). "Refuse to be Terrorized". Wired. Retrieved on 2006-09-08.
- Well-designed security systems fail gracefully.
- Schneier, Bruce (2006-03-14). Airport Security Failure. Schneier on Security. Retrieved on 2022-06-31.
Sourced
- Not being angels is expensive
- Liars & Outliers, Bruce Schneier, ISBN 978-1-118-14330-8, p. 43
- Technical problems can be remediated. A dishonest corporate culture is much harder to fix.
- Schneier, Bruce (2005-08-15). Visa and Amex Drop CardSystems. Cryptogram newsletter. Retrieved on 2006-09-08.
- Only amateurs attack machines; professionals target people.
- Schneier, Bruce (2000-10-15). Semantic Attacks: The Third Wave of Network Attacks. Schneier on Security blog. Retrieved on 2010-08-31.
- In China, programs have to be certified by the government in order to be used on computers there, which sounds an awful lot like the Apple store.
- Schneier, Bruce (speaker) (19 June 2013). Bruce Schneier: Talks at Google. Google Inc.