Bruce Schneier interview
Goto page Previous  1, 2, 3  Next  :||:
Networking/Security Forums -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security

Author: B-ConLocation: int main() PostPosted: Sat Nov 19, 2005 10:57 pm    Post subject:
    ----
Hey,

mxb wrote:
1) You have previously suggested holding software developers liable for the security in their products. What is your opinion about free software?


He answered this question in (I believe) Secrets and Lies. He believes that only proprietary software deserves to be held liable.

Quote:
2) As privacy seems to be currently eroding away, with the requests for wiretapping VOIP calls, logging of internet usage, and so forth, do you think that eventually the general public will realise and start to demand that privacy back?

3) With the current tactics being employed by the RIAA/MPAA against file sharers, what do you think about the current generation of file sharing networks? Do you think that actions by such corporations are a major driving force behind the research and development of anonymous and encrypted networks?


Excellent questions. I would heartily second them.

Author: mxb PostPosted: Sat Nov 19, 2005 11:22 pm    Post subject:
    ----
B-Con wrote:
He answered this question in (I believe) Secrets and Lies. He believes that only proprietary software deserves to be held liable.


Indeed, I think you are correct. I've only just finished reading it again, so that might be why I 'thought' of it!

Cheers,
Martin

Author: JustinTLocation: Asheville, NC, US / Uberlāndia, MG, Brazil PostPosted: Sun Nov 20, 2005 6:26 am    Post subject: MACs and notions.
    ----
All of this, preferably (it's long, but the context is needed):

JustinT wrote:

As an academic researcher in cryptography, I pay attention to what you might call the "nitty gritty" areas of cryptanalysis, that the layman wouldn't be aware of; the layman is, ironically enough, sometimes the individual responsible for incorporating some type of cryptographic layer within their framework. When doing a superficial analysis of the specifications, the first thing I look for, habitually, is a MAC. When arriving at some sensible, conservative threat model, more often than not, an integrity failure is just as detrimental than a confidentiality failure; it's also the case, many times, that a loss of the former is even greater than the latter.

There is ample justification for the preservation of integrity through a message authentication code. I have no doubt there. My question entails correlations between notions of security, and compositions for authentication and encryption. Today, it seems plausible that for a modern implementation, we would like to have something that is IND-CCA2 secure and achieves INT-PTXT. For example, I like the rationale behind authenticating first, then encrypting last. However, given the results of Bellare and Namprempre, although this composition allows us to achieve INT-PTXT, it's only IND-CPA secure. On the other hand, there have been instances when this composition was sufficient for a particular threat model I was addressing.

I prefer relying on as few assumptions as possible, and being as conservative as possible, so my question is, "When addressing authentication, should we apply a composition that satisfies the threat model for a particular application, even if it does not particularly satisfy IND-CCA2 security ("MAC-then-Encrypt"), or should we only consider compositions that satisfy IND-CCA2, and achieve at least INT-PTXT?"

The latter seems a bit more comfortable, and here's my rationale. While the proofs associated with these notions aren't surefire guarantees of security, they are, however, useful for reducing the amount of assumptions we have to make, and I am more confident in reducing assumptions, as opposed to applying a composition that isn't IND-CCA2 secure, and assuming that my threat model considers every threat that is applicable to the scenario, and favorable to the adversary. I certainly see the rationale behind your advocation of authenticating first, as noted in your book with Niels Ferguson. However, would it be simpler, and more responsible, to encrypt first, by say, applying a SUF-CMA MAC to an IND-CPA secure encryption construction's ciphertext, which would satisfy IND-CCA2 (and NM-CCA2) and INT-CTXT (and INT-PTXT)?

I've seen both secure and insecure instances of both AtE and EtA, and there are certainly many details and subtleties to get right for either, but I'm curious as to where you stand on the importance of order, and these notions of security. I believe it to be a vital goal to strive for simplicity and the reduction of assumptions, which is my main concern. There's certainly no wrong in wanting to get the MAC part right, and those two goals seem to be key proponents in doing so!

Author: dataLocation: India PostPosted: Sun Nov 20, 2005 1:56 pm    Post subject:
    ----
To Dr.Schneier:

What is your advice to young budding cryptologist's?

Author: B-ConLocation: int main() PostPosted: Mon Nov 21, 2005 12:34 am    Post subject:
    ----
datah wrote:
To Dr.Schneier:

What is your advice to young budding cryptologist's?


I got to ask him that question in person once, and he pointed me to this article of his, as well as this other one.

Author: dataLocation: India PostPosted: Mon Nov 21, 2005 6:39 pm    Post subject:
    ----
Thankyou!

Author: alt.don PostPosted: Wed Nov 23, 2005 3:39 pm    Post subject:
    ----
Hi guys,

I will be collating the questions and sending them to Mr. Schneier. Once I am done I will be getting rid of this thread. I'm looking forward to his answers! Lastly, thanks to those of you who took the time to enter some questions.

Author: patbatemanLocation: philadelphia PostPosted: Thu Dec 29, 2005 5:14 pm    Post subject:
    ----
Any word on when this is going to be posted? Im kinda anxious to read it.

Author: alt.don PostPosted: Thu Dec 29, 2005 5:36 pm    Post subject:
    ----
Hello,

I will be posting this interview on 15 Jan '06.

Author: patbatemanLocation: philadelphia PostPosted: Thu Dec 29, 2005 6:52 pm    Post subject:
    ----
Is there a interview schedule im just not aware of? I noticed there was one that was posted last week or so. One per month im guessing is what you aim for ? Also, thanks for the quick response

Author: alt.don PostPosted: Thu Dec 29, 2005 8:06 pm    Post subject:
    ----
Hello,

I generally post one every month on the 15th barring my being kidnapped by aliens and being gang-probed or somesuch. Don't laugh! It could happen to you to! Laughing In essence on the 15th of every month is when I post one.

cheers

Author: Secure Lockdown PostPosted: Fri Dec 30, 2005 3:58 am    Post subject:
    ----
alt.don wrote:
Hello,

I generally post one every month on the 15th barring my being kidnapped by aliens and being gang-probed or somesuch. Don't laugh! It could happen to you to! Laughing In essence on the 15th of every month is when I post one.

cheers


we will send blackberry msg to alien mothership to re-schedule kidnapping for 16th.

Author: StIlTzLocation: Minnesota PostPosted: Fri Jan 13, 2006 5:55 am    Post subject:
    ----
Secure Lockdown wrote:

we will send blackberry msg to alien mothership to re-schedule kidnapping for 16th.


Whats the motherships PIN? All joking aside I am really interested in this interview as I am doing a capstone project on cryptography/cryptanalysis for part of my undergrad right now. One of my professors is a co-chair of a conference being held here in Minneapolis coming up and Bruce Schneier is one of the speakers. I plan on attending for the day, could be interesting as well.

/me Can't wait for another good interview by alt.don

-=StIlTz=-
_________________

Author: alt.don PostPosted: Fri Jan 13, 2006 4:49 pm    Post subject:
    ----
Hello Stiltz,

The interview goes up on the 15th or in two days as it were. It was not one of the best interviews we have had imho. You guys can be the judge of that though. Stiltz, don't forget that you need to go down to only one link in your sig block dude.

Cheers,

Don

Author: RFmax PostPosted: Fri Jan 13, 2006 5:09 pm    Post subject:
    ----
Stilz, thank for the heads upon the conference. I never would have known about it. Maybe see you there.

Author: StIlTzLocation: Minnesota PostPosted: Fri Jan 13, 2006 5:49 pm    Post subject:
    ----
RFmax wrote:
Stilz, thank for the heads upon the conference. I never would have known about it. Maybe see you there.


It should be an interesting conference. The other keynote is Lt.Colonel Curt Carver who is the associate dean, US Military Academy. My fellow classmates are predicting that the two butt heads hard during the conference at some point.

If you go let me know. I plan on going pending time off of work.

alt.don I know you wouldn't let us down in an interview, perhaps it was our questions that were posed...

-=StIlTz=-



Networking/Security Forums -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Goto page Previous  1, 2, 3  Next  :||:
Page 2 of 3

Powered by phpBB 2.0.x © 2001 phpBB Group