

Security is Mathematics - cperciva
http://www.daemonology.net/blog/2008-03-21-security-is-mathematics.html

======
whacked_new
Hey cperciva, thanks for submitting it here; I hope more people read it.
Question about your attitude about math education. My contention is that real
good mathematicians are endowed with an ability that is easily recognized.
First you write,

"In the semester I took this course, the average grade on the first mid-term
examination was 29%. Three students (myself included), out of a class of about
40, scored higher than 50%."

I attempted a course that seems similar to the 242 you described, and I would
be under that 29%. There was even an English major who had abilities far
beyond mine; these things convinced me that I wasn't cut out for hard math.
But then you write,

"Schneier is right that security requires a strange mindset; and he's right
that computer science departments aren't good places to teach this mindset.
But he's wrong in thinking that it can't be taught: If you want someone to
understand security, just send him to a university mathematics department for
four years."

You seem to think it can be trained. Would you think your perception of
people's math ability is skewed, yourself being gifted, and probably interact
regularly with similarly gifted people?

Even if you are correct, what would you say to the people who placed into hard
courses and found themselves inadequate? While it could be that more effort is
required, but the ROI varies between individuals. For a math-inclined student,
maybe this means four years in the math department. For those who aren't, but
perhaps have the aptitude, maybe this is eight years. Aren't universities the
wrong place to find out?

I'm reading Apostol's Calculus at my leisure now. It may take me two years to
finish, but I will finish it. As determined as I am, this attitude doesn't
earn me a math degree, nor an A in a class where an English major could get
one easily.

