Schneier

TSA asks congressional panel to uninvite critic Bruce Schneier

Bruce Schneier, a vocal critic of security measures used by the Transportation Security Administration, was asked to testify before Congress about TSA's security screening initiatives but then was "formally uninvited" after the agency complained.

"On Friday, at the request of the TSA, I was removed from the witness list," Schneier wrote on his blog. "The excuse was that I am involved in a lawsuit against the TSA, trying to get them to suspend their full-body scanner program. But it's pretty clear that the TSA is afraid of public testimony on the topic, and … Read more

What to do with passwords once you create them

Cryptography expert Bruce Schneier used to write his passwords down on a slip of paper and keep it in his wallet.

Today, he uses a free Windows password-storage tool called Password Safe that he designed five years ago and released into the open-source community. The desktop application lets users remember only one master password to access their password list.

But Schneier still recommends the paper method for people who don't have their computers with them at all times like he does. "Either write the passwords down and put them in your wallet, or use something like Password Safe,… Read more

Q&A: Schneier warns of marketers and dancing pigs

In a security industry full of FUD and hype, cryptographer and consultant Bruce Schneier offers a no-nonsense reality check verging on social commentary.

He has worked on numerous ciphers, hash functions, and other cryptographic algorithms that are arcane to the average computer user but which have been instrumental in protecting the privacy of data. But his influence extends beyond the world of encryption.

Schneier wrote several bestselling books--including "Secrets and Lies: Digital Security in a Networked World," "Beyond Fear: Thinking Sensibly about Security in an Uncertain World," and his latest, "Schneier on Security"--that provide perspective on risks and threats in everything from e-mail to airport security. And his Crypto-Gram newsletter and blog are considered must-reads inside and outside the industry.

Opinionated and cynical, he doesn't hesitate to point out that one of the biggest limitations of technology is people. ("The user's going to pick dancing pigs over security every time," he has been quoted as saying.)

In an e-mail interview with CNET News, Schneier pokes fun at National Cyber Security Month, talks about his background in crypto and working for the U.S. Defense Department, and says he fears privacy invasion more from marketers than governments or criminals.

Q: You started out as a cryptographer but are considered an expert on all types of security threats, hypes, and realities. Do you still do much cryptography?

Schneier: Some. I'm a member of the cryptographic team that developed the Skein hash function, currently a second-round candidate in NIST's competition to choose an SHA-3. These competitions are kind of like cryptographic demolitions derbies: all the teams put their algorithms in the ring and try to beat up everyone else's. NIST received 64 submissions, of which 51 met the submission criteria. Of those 51, 14 proceeded to the second round. It's great fun to be working on this.

Overall, though, I am not doing a lot of cryptography. Over the past several years I have been studying security economics, and more recently, the psychology of security. These are important new fields that will have many lessons for security technology.

Q: What are your thoughts on the state of cryptography today? There doesn't seem to be anything going on as exciting as the crypto battles of the 1990s.

Schneier: We really have all the cryptography we need for the foreseeable future; the problem is using it securely. Computer and network security are by far the weaker links. Even worse are things like user interface, installation, implementation, configuration, use, and update. There's so much good cryptography that doesn't get used properly because of one of these issues. These are hardly new areas, but they're the areas that need the most work.

Do you encrypt your e-mail?… Read more

Is Clear a present danger for football fans?

Clear, a program approved by the U.S. Transportation Security Administration that lets frequent fliers bypass airport security lines, is now being used to let football fans bypass the security lines at pro football games.

Deals are kicking off this fall at home games for the San Francisco 49ers, the Atlanta Falcons, and the Denver Broncos.

Clear, the largest of four Registered Traveler programs operating at U.S. airports, isn't run by the TSA. It's a private service of Verified Identity Pass (VIP).

Doesn't it seem like VIP is leveraging its privileged position in airport security--a position … Read more

Bruce Schneier's new view on Security Theater

Security expert Bruce Schneier is rightly regarded as one of the industry's most intelligent and insightful participants. He has made substantial personal contributions to the science of cryptology, and has written some of the best books on the subject.

Like many smart people, Schneier is also highly opinionated. Although I have yet to hear a technical opinion from Schneier that I disagree with, some of his nontechnical opinions are--in my opinion--open to debate.

For example, Schneier coined the term "Security Theater" to describe measures that serve to make people feel safer without significantly improving security in any … Read more

Bruce Schneier: Security as a state of mind

LAS VEGAS--Bruce Schneier, CTO of BT Counterpane, has been talking about the psychology of security for some time now. In his keynote address to Black Hat on Thursday morning, Schneier said that one simply cannot quantify security because it's also emotional. How we feel about security in a given situation can affect how secure we really are.

Schneier says we're all security consumers; as humans, we're constantly deciding how much time, money and effort we spend to feel secure. All animals do this. A rabbit faced with a predator has to decide whether to keep eating or … Read more