
Cryptography Quotes - MrXOR
https://mrxor.github.io/cryptoquotes.html
======
seleniumBubbles
Nice list! One I’d add: one of my all-time favorite cryptography-related
quotes is from Bruce Schneier’s Applied Cryptography, talking about key
length:

> These numbers have nothing to do with the technology of the devices; they
> are the maximums that thermodynamics will allow. And they strongly imply
> that brute-force attacks against 256-bit keys will be infeasible until
> computers are built from something other than matter and occupy something
> other than space.

Full context:
[https://www.schneier.com/blog/archives/2009/09/the_doghouse_...](https://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html)

~~~
tzs
That argument only applies to irreversible computation. The errata for
_Applied Cryptography_ corrects this:

> The section on "Thermodynamic Limitations" is not quite correct. It requires
> kT energy to set or clear a single bit because these are irreversible
> operations. However, complementing a bit is reversible and hence has no
> minimum required energy. It turns out that it is theoretically possible to
> do any computation in a reversible manner except for copying out the answer.
> At this theoretical level, energy requirements for exhaustive cryptanalysis
> are therefore linear in the key length, not exponential.

------
cmenge
My two favorites aren't on the list, perhaps because they were never put in
these exact words or they are mis-attributed:

"Cryptography is not magic pixie dust that you can sprinkle on a system to
make it secure" -Bruce Schneier [? - couldn't find a good source]

"If you think cryptography will solve your problem, either you don't
understand cryptography, or you don't understand your problem." -Roger Needham
/ Peter G. Neumann

~~~
hyper_reality
I just dug around a bit to find the likely source of the "crypto magic pixie
dust" quote, and I think it's Gary McGraw. He uses that phrase a lot, and a
search of "crypto fairy dust" in Google Books brings up books by him dating as
far back as 1999.

------
dvh
Can I add mine that still holds true in 2019:

Largest number factorized using quantum computers, if we only count algorithms
that can theoretically scale into cryptographic levels, is 21.

~~~
MrXOR
Please explain it.

~~~
dvh
Every day you hear doomsday predictions about the end of the crypto as we know
it because of quantum computers. The reality is that the largest factored
integer using quantum computers to this day is 21. There are some larger
numbers around 100k factored, but those use algorithms that will never scale
into crypto levels.

------
ecesena
Great list -- one more:

Cryptographers love tradition. If we were to use “Andy” and “Barbara” as the
principals, no one would believe anything in this chapter. -- Andrew S.
Tanenbaum

~~~
MrXOR
Thanks,

But cryptographers only love math and “Andy” and “Barbara” are friends of
"Alice" and "Bob"!

[1]
[https://www.schneier.com/blog/archives/2012/09/replacing_ali...](https://www.schneier.com/blog/archives/2012/09/replacing_alice.html)

[2] [http://cryptocouple.com/](http://cryptocouple.com/)

------
Tomte
My favourite quote is from cperciva:

"The purpose of cryptography is to force the US government to torture you."

------
sjcsjc
It's not strictly relevant but there's a quote my dad used to like, apparently
from Mark Twain, but who knows. I'm paraphrasing: "two people can keep a
secret as long as one of them is dead"

~~~
MrXOR
Or maybe Benjamin Franklin?[1]

[1]
[https://www.brainyquote.com/quotes/benjamin_franklin_162078](https://www.brainyquote.com/quotes/benjamin_franklin_162078)

------
peter_d_sherman
"There are two kinds of cryptography in this world: cryptography that will
stop your kid sister from reading your files, and cryptography that will stop
major governments from reading your files."

— Bruce Schneier

I respectfully disagree... <g>

"There are _three_ (3) kinds of cryptography in this world: cryptography that
will stop your kid sister from reading your files, cryptography that will stop
major governments from reading your files, and finally, the strongest
cryptography -- cryptography that will stop _Bruce Schneier_ -- from reading
your files." <g>

(Bruce Schneier = Cryptography's Chuck Norris...<g>)

((And the third such cryptography, if it exists... will be found to have been
created by -- you guessed it -- _Bruce Schneier_! <g>))

~~~
MrXOR
Yeah, a Bruce Schneier Fact.

[1] [https://www.schneierfacts.com](https://www.schneierfacts.com)

------
motohagiography
Was surprised not to find "people are a poor source of entropy," on the list.
I'm quite sure I didn't coin that, and it's practically an amendment to the
Kerckhoffs principles, just don't know who said it.

~~~
kijin
[https://dilbert.com/strip/2001-10-25](https://dilbert.com/strip/2001-10-25)

~~~
MrXOR
Thanks,

I will add this comic strip.

------
DGAP
Excellent list - I immediately ctrl+f'd for Schneier's law as it's my favorite
crypto axiom.

My only suggestion would be adding: "Crypto is like catnip for
programmers."[1]

[1]
[https://blog.pinboard.in/2013/04/the_matasano_crypto_challen...](https://blog.pinboard.in/2013/04/the_matasano_crypto_challenges/)

------
woodruffw
Something about the effectiveness of rubber-hose cryptanalysis[1] would also
be a good fit for this list.

[1]: [https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis](https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis)

~~~
MrXOR
Thanks,

I add XKCD Comic about rubber-hose and Black-bag cryptanalysis[1].

[1] [https://xkcd.com/538/](https://xkcd.com/538/)

------
zokier
> Security wins many battles but loses the security war. We are definitely
> going backwards in computer security.

> — Adi Shamir

Source/context for this quote? I do find myself agreeing, but as this seems a
somewhat more atypical view I'd love to read more about it. Best source I
found was this short article about RSA2007 conference, but I couldn't find the
referenced panel discussion recorded or transcribed anywhere.

[https://www.zdnet.com/article/rsa-2007-keynotes-notable-quot...](https://www.zdnet.com/article/rsa-2007-keynotes-notable-quotes/)

Overall I think these sorts of quote collections would be massively more
useful if they'd contain verifiable sources.

~~~
MrXOR
The video of RSA's cryptographers' panel 2007 is unavailable. This quote was
named "Shamir's Law": Every 18 months security gets half as good. Adi's quote
(and fear) is about APT[1] and mass surveillance[2].

[1]
[https://en.wikipedia.org/wiki/Advanced_persistent_threat](https://en.wikipedia.org/wiki/Advanced_persistent_threat)

[2]
[https://en.wikipedia.org/wiki/Mass_surveillance](https://en.wikipedia.org/wiki/Mass_surveillance)

------
billfruit
I think this should take the cake: "We kill people based on metadata.", Gen
Michael Hayden (Frmr NSA Director).

------
kerng
There are some really good ones I haven't heard before:

>> Your voice is always heard - NSA.

That made me chuckle.

~~~
MrXOR
Your comment has been read. - NSA and other big brothers :-)

------
highwind
I believe I said the first quote many times during my college years.

