Bruce Schneier has done so much for security, including by his ability to explain issues so clearly to the IT community and to the public.
If someone in the community of professional cryptographers and crypto-based security is reading this, what is his position in that community? Is he as prominent? A leader? A leading engineer?
This comment by tptacek pretty much answers your question:
"Schneier's career has an interesting arc that is not too dissimilar from that of Eric Raymond, involving early modest-but-significant contributions to the field (cryptologic literature for Schneier, open source software for Raymond), then a marked phase of popularization and evangelism, followed by a full-throttle transition into punditry."
I'm not from the crypto community, but putting Skein into FreeBSD seems a very strange choice, especially because it looks to be motivated by the "Schneier" brand. Apart from SHA-3 (which is already there), BLAKE2 would have been a better alternative.
> I'm not from the crypto community, but putting Skein into FreeBSD seems a very strange choice, especially because it looks to be motivated by the "Schneier" brand. Apart from SHA-3 (which is already there), BLAKE2 would have been a better alternative.
This does reek a bit of the "Schneier Brand", but for what it's worth, Bruce hasn't developed horrible cryptographic primitives:
Block ciphers: Blowfish (bcrypt is based on the expensive Blowfish key schedule), Twofish (an AES finalist), Threefish (based on Skein).
Stream ciphers: Solitaire (a classical algorithm with playing cards), Helix (authenticated stream cipher), Phelix (authenticated stream cipher submitted to ECRYPT).
Random number generators: Yarrow (initial CSPRNG), Fortuna (CSPRNG replacing Yarrow; FreeBSD and OS X/iOS /dev/random).
Generic hashing algorithms: Skein (a SHA-3 finalist)
What I find interesting is the monocultures created in cryptography. You have the NSA/NIST monoculture (3DES, AES, SHA-1, SHA-2, SHA-3), the Schneier monoculture (Blowfish/bcrypt, Fortuna, Skein) and the Bernstein monoculture (Poly1305, Curve25519, ChaCha20). It seems to me that if you're against the NIST standards and NSA designs, then you're likely in the Schneier or Bernstein monocultures, with possibly some overlap.
What bothers me about being anti-NIST or anti-NSA is forgetting that we have some great algorithms that already exist, such as AES and SHA-2, that are well-studied, well-implemented, and near ubiquitous. I'm not saying we should just stick with those primitives, and I'm glad cryptographers are thinking of more, such as BLAKE2 and Argon2.
So, I guess this whole discussion boils down to "why?". Why is Skein being added to FreeBSD? What is the need? Is the package manager moving to file integrity with Skein? Is ZFS? Some other need? Or is this getting added because of the Schneier monoculture, and the need to be "anti-NIST/NSA"? I tend to believe it's the latter.
Yeah. I'm not claiming they invented AES nor SHA-3. The monoculture stems from government ways of thinking that only NIST approved standards can be used. If it doesn't have the NIST stamp of approval, it can't be deployed in production.
Just as one example. A years-long open submission and selection process. In what way do you feel that results in a 'monoculture'? How would it be done differently and better?
As I explained, it's a monoculture in that there are organizations, mostly U.S. government bodies, that will not deploy cryptographic primitives unless they have been standardized by NIST. This means strictly sticking with 3DES, AES, SHA-1, SHA-2, and SHA-3. For random number generation, this means CTR_DRBG, HMAC_DRBG, and Hash_DRBG. For password hashing, it's md5crypt, sha256crypt, and sha512crypt. It goes on and on.
I used to work as a contractor for the Dept. of V.A. and am familiar with the red tape required to implement libraries in code, push patches to production, rely on 3rd-party libraries, etc. It's a nightmare. As an admin, I couldn't certify a hard drive was digitally wiped unless it did the DoD 3-pass, even though I'm confident a single pass of zeros is sufficient. I couldn't use my LUKS encrypted laptop on premises, because the encryption process hadn't been vetted by a committee. I couldn't deploy bcrypt as the password hash for authentication.
So, my reference to "NIST/NSA monoculture" is the bullheaded requirement that only NIST-approved algorithms can be used, after committees and approval. It's a monoculture, because at least for the V.A., only government standardized algorithms are allowed.
That sounds like a pain; on the other hand, I don't think it really matches any reasonable definition of 'monoculture'. And I'd guess I'm in a majority that's ok with the Department of VA (or of Agriculture or Housing and Urban Development, etc.) not inventing their own crypto practices and standards.
So, I agree that NIST has been a force for evil in the world, in the same sense that the IETF has. If that's the core point you're trying to make, we're on the same page.
I just don't think "monoculture" is the reason why. I think all crypto standards organizations are problematic.
> So, I agree that NIST has been a force for evil in the world, in the same sense that the IETF has. If that's the core point you're trying to make, we're on the same page.
If you are defining "evil" as blind and bullheaded, then yes. I don't think NIST or the IETF are actively malicious, however.
As most of you know, this guy's career is very interesting. Every few years he's stepped up to another level of thinking, a higher, more abstract viewpoint of the world. It's natural for people to learn and abstract, but he does so much of it.
The irony of this is that I said about the same thing as tptacek on his own blog, which most of my designs/essays are backed up on. That was about when he stopped responding to my comments so much. ;)
Note: It's not necessarily a bad thing. We need more people to get info to laypeople, business execs, and policymakers in a way they can understand. It just shifts what you can expect from the person in terms of technical stuff.
Not sure about cryptographers, but he sometimes comes out as a conspiracy theorist in matters of security. I think he has a ton of followers. And he is a good orator. I've resigned myself to believe that he really doesn't have a view into what's going on in security. I used to be a fan. I have his red book. I've read it and found it to be shallow and useless.
When I read words like "conspiracy theorist", "ton", "useless", I don't see something persuasive - hyperbole isn't persuasive, it doesn't inform the reader - it just communicates the writer's strength of emotion.
So why create an account to say that? Why do you feel so strongly about Schneier?
Yeah, I don't know. Is the package manager switching to it for file integrity? Does the OpenZFS team plan on switching to it for filesystem integrity? I don't know. User "cem" asks the same question: https://reviews.freebsd.org/D6166#139120