• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Interview with a security professional - Bruce Schneier

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> News // Columns // Articles

View previous topic :: View next topic  
Author Message
alt.don
SF Boss
SF Boss


Joined: 04 Mar 2003
Posts: 16777080


Offline

PostPosted: Sat Jan 14, 2006 5:22 pm    Post subject: Interview with a security professional - Bruce Schneier Reply with quote

In our continuing series of “Interview with a security professional” we have the pleasure of having Bruce Schneier who will answer some questions posed by the members.


Question

At what stage does encryption strength become a national security issue?


Bruce’s answer

It always has been. It was during World War II. It was in the beginning of the computer age. It has been through the Cold War, and it is today. All through that time, major national governments have had large agencies designing cryptographic systems and breaking the systems of other countries. This is unlikely to change in the future.

Question

Recently you mentioned that you feel ISP's should be held liable for bad network traffic such as; viruses, spam, and the such. How would you propose this be done? Lastly, what would you say to those who say this is no different then holding car manufacturers liable for drunk drivers?


Bruce’s answer

Most of the criticism of this idea has come from people who don't understand liability, or -- at least -- approach it from a computer-science perspective. Liability is not all or nothing. It's much more complicated than that, and much more human. Liabilities are apportioned by the court system. And while it is certainly unreasonable to assume that ISPs should be 100% liable for bad network traffic, it is also unreasonable to assume that they should be 0%. Somewhere between 0% and 100% is the proper liability, and that's the kind of thing that courts are good at figuring out. They'll also decide if it is different than holding car manufacturers liable for drunk drivers, and how much different.
No, this is not an algorithmic answer. And yes, it will change over time. But it's the way our society ensures that good products and services are available to consumers.

Question

Do you believe ICANN should continue to hold a prominent role in the governance of the Internet core routers?


Bruce’s answer

Sorry. I have no opinion on this matter.

Question

What do you see as the biggest threats to home users in the near future?


Bruce’s answer

Crime.The biggest threat on the Internet right now is crime. It's the biggest threat to businesses, and it's the biggest threat to home users as well. If the crime rate increases much more, people will stop doing things online.

Question

What is your opinion about staying anonymous online? Is it really possible legally/illegally?


Bruce’s answer

Anonymity is not an all-or-nothing thing; there are degrees. Right now I can get an anonymous e-mail account on one of a variety of systems and be anonymous to my friends. That won't protect me from the police, though. As your adversary gets more skilled, better funded, and more able to apply legal pressure, anonymity is harder. I don't know if it is possible to have true anonymity against even the most skilled adversaries anymore.

Question

Do you forsee the development of a cryptographically secure hash any time in the near future? And does you anticipate finishing nist_hash_works_4 your own based on Phelix?


Bruce’s answer

There are lots of cryptographically secure hash functions right now: SHA-256, Whirlpool, SHA-1 with twice the number of rounds, etc. Designing a secure hash function is easy; designing one that has good performance is hard. Right now we need serious research into the design of hash functions. I hope to contribute to that research, both by cryptanalyzing other hash functions and through the design of a hash function based on Phelix.

Question

As privacy seems to be currently eroding away, with the requests for wiretapping VOIP calls, logging of Internet usage, and so forth, do you think that eventually the general public will realize and start to demand that privacy back?


Bruce’s answer

If you think predicting mathematical advances in cryptography is hard, try predicting changes in public opinion. I have no idea if people will start demanding more privacy instead of accepting less. Certainly public opinion swings back and forth through history, so it's reasonable to assume that it will swing back towards privacy. But when, and how... I have no idea.


On behalf of the forums and myself I would like to sincerely thank Mr. Bruce Schneier for taking the time to answer the questions posed by our members.


This interview is copyright 2006 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
Back to top
View user's profile Send private message Visit poster's website
patbateman
Just Arrived
Just Arrived


Joined: 15 Jul 2005
Posts: 1
Location: philadelphia

Offline

PostPosted: Sun Jan 15, 2006 10:17 pm    Post subject: Reply with quote

Kinda short for one of his interviews. If people are still left wanting more, id check out another one of his interviews thats on itconversations.com.
Back to top
View user's profile Send private message
bknows
Just Arrived
Just Arrived


Joined: 11 Jul 2003
Posts: 5


Offline

PostPosted: Wed Feb 15, 2006 5:44 am    Post subject: Reply with quote

Yes, kinda short. Not up to the usual interview. Not controversial or even thought provoking. Of course, with Bruce, you always want more.

On the other hand, you didn't get too many good questions from us. I've been away for a while, so I wasn't around to contribute. Bummer.
Back to top
View user's profile Send private message
Keiyentai
Just Arrived
Just Arrived


Joined: 02 Dec 2004
Posts: 1
Location: Some where on my comp

Offline

PostPosted: Fri Feb 24, 2006 9:38 am    Post subject: Reply with quote

Short but good read none the less.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> News // Columns // Articles All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register