Computerworld
Bruce Almighty: Schneier preaches security to Linux faithful
Schneier is one of three keynote speakers at Linux.conf.au 2008 and speaks with Dahna McConnachie about his presentation, books and thoughts.
Dahna McConnachie 27/12/2007 07:56:29

Bruce Schneier will reconceptualise security at Linux.conf.au

At the time that you released Blowfish, most other designs were proprietary, patented and/or kept confidentially by governments. Why did you decide to release Blowfish into the public domain?

If I kept Blowfish proprietary, or patented it, it would have died a quiet and lonely death. With few exceptions, proprietary and patented algorithms don't get used by anybody.

A rough count from the list on your Web site indicates that there are well over 150 software products (including the mainline Linux kernel, from v2.5.47) that use Blowfish. Has it exceeded or met your expectations?

I don't know if I had any expectations. There weren't enough alternatives to DES out there. I wrote Blowfish as such an alternative, but I didn't even know if it would survive a year of cryptanalysis. Writing encryption algorithms is hard, and it's always amazing if one you write actually turns out to be secure. At this point, though, I'm amazed it's still being used. If people ask, I recommend Twofish instead.

You recently launched a stinging attack on the elliptic curve-based Dual_EC_DRBG, one of four RNG designs approved by the US National Institute of Standards and Technology (NIST) in March of this year. The controversy surrounds numbers used to define the algorithm's elliptic curve from which RNGs are created, which appear to be derived from a second set of hidden numbers - the so-called 'backdoor'. What significance does this have on the outside world?

Minimal. I don't think anyone would use the algorithm anyway, since it's about 1000 times slower than the alternatives for absolutely no relative benefit. But it is in the standard, so I felt I needed to warn people against using it.

How widely do you think the design is used?

I have no idea. My guess is that someone, somewhere, is already using it and NIST didn't want to piss them off -- that's why the algorithm is in the standard.

Do random number generators have much security value?

Yes. They're vitally important to most security protocols. If they're broken, the whole thing is broken.
