Bruce Schneier

From Wikiquote

Bruce Schneier (born January 15, 1963) is an American cryptographer, computer security specialist, and writer.


  • Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.
  • There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.
  • Attacks always get better, they never get worse.
  • The lesson here is that it is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics. Encryption is too important to be left solely to governments.
  • A few years ago I heard a quotation, and I am going to modify it here: If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.
    • preface to 2015 edition of Secrets and Lies
  • It's certainly easier to implement bad security and make it illegal for anyone to notice than it is to implement good security.
    • Secrets and Lies: Digital Security in a Networked World - Bruce Schneier

Digital Rights Management

  • Digital files cannot be made uncopyable, any more than water can be made not wet.
  • Every time I write about the impossibility of effectively protecting digital files on a general-purpose computer, I get responses from people decrying the death of copyright. "How will authors and artists get paid for their work?" they ask me. Truth be told, I don't know. I feel rather like the physicist who just explained relativity to a group of would-be interstellar travelers, only to be asked: "How do you expect us to get to the stars, then?" I'm sorry, but I don't know that, either.
  • Against the average user, anything works; there's no need for complex security software. Against the skilled attacker, on the other hand, nothing works.



Politics and societal issues of the digital age

  • It is poor civic hygiene to install technologies that could someday facilitate a police state.
    • Secrets and Lies (2000), p. 53
  • I mean, the computer industry promises nothing. Did you ever read a shrink-wrapped license agreement? You should read one. It basically says, if this product deliberately kills your children, and we knew it would, and we decided not to tell you because it might harm sales, we're not liable. I mean, it says stuff like that. They're absurd documents. You have no rights.
    • "Your computer is not secure". Hartford Advocate. 2006-04-27. 
  • Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four.
    • Schneier, Bruce (2005-12-16). Computer Crime Hype. Schneier on Security blog. Retrieved on 2006-09-08.
  • Chaos is hard to create, even on the Internet. Here's an example. Go to Buy a book without using SSL. Watch the total lack of chaos.
  • When my mother gets a prompt 'Do you want to download this?' she's going to say yes. It's disingenuous for Microsoft to give you all of these tools [in Internet Explorer] with which to hang yourself, and when you do, then say it's your fault.

Human perception of reality, risk and terrorism

  • More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk.
  • The very definition of news is something that hardly ever happens. If an incident is in the news, we shouldn't worry about it. It's when something is so common that it's no longer news – car crashes, domestic violence – that we should worry.
  • … if anyone thinks they can get an accurate picture of anyplace on the planet by reading news reports, they're sadly mistaken.
  • We can't keep weapons out of prisons; we can't possibly expect to keep them out of airports.
    • Schneier, Bruce (2005-05-15). Prison Shivs. Cryptogram newsletter. Retrieved on 2009-12-27.
  • The point of terrorism is to cause terror, sometimes to further a political goal and sometimes out of sheer hatred. The people terrorists kill are not the targets; they are collateral damage. And blowing up planes, trains, markets or buses is not the goal; those are just tactics.
    The real targets of terrorism are the rest of us: the billions of us who are not killed but are terrorized because of the killing. The real point of terrorism is not the act itself, but our reaction to the act.
    And we're doing exactly what the terrorists want.
  • Well-designed security systems fail gracefully.


  • In China, programs have to be certified by the government in order to be used on computers there, which sounds an awful lot like the Apple store.