Bruce Almighty: Schneier preaches security to Linux faithful

Schneier is one of three keynote speakers at Linux.conf.au 2008 and speaks with Dahna McConnachie about his presentation, books and thoughts.

At the time that you released Blowfish, most other designs were proprietary, patented and/or kept confidentially by governments. Why did you decide to release Blowfish into the public domain?

If I kept Blowfish proprietary, or patented it, it would have died a quiet and lonely death. With few exceptions, proprietary and patented algorithms don't get used by anybody.

A rough count from the list on your Web site indicates that there are well over 150 software products (including the mainline Linux kernel, from v2.5.47) that use Blowfish. Has it exceeded or met your expectations?

I don't know if I had any expectations. There weren't enough alternatives to DES out there. I wrote Blowfish as such an alternative, but I didn't even know if it would survive a year of cryptanalysis. Writing encryption algorithms is hard, and it's always amazing if one you write actually turns out to be secure. At this point, though, I'm amazed it's still being used. If people ask, I recommend Twofish instead.

You recently launched a stinging attack on the elliptic curve-based Dual_EC_DRBG, one of four RNG designs approved by the US National Institute of Standards and Technology (NIST) in March of this year. The controversy surrounds numbers used to define the algorithm's elliptic curve from which RNGs are created, which appear to be derived from a second set of hidden numbers - the so-called 'backdoor'. What significance does this have on the outside world?

Minimal. I don't think anyone would use the algorithm anyway, since it's about 1000 times slower than the alternatives for absolutely no relative benefit. But it is in the standard, so I felt I needed to warn people against using it.

How widely do you think the design is used?

I have no idea. My guess is that someone, somewhere, is already using it and NIST didn't want to piss them off -- that's why the algorithm is in the standard.

Do random number generators have much security value?

Yes. They're vitally important to most security protocols. If they're broken, the whole thing is broken.
