No one can duplicate the confidence that RSA offers after 20 years of cryptanalytic review.
Bruce Schneier

More Quotes by Bruce Schneier

If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.
Bruce Schneier

The mantra of any good security engineer is: "Security is not a product, but a process." It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together.
Bruce Schneier

I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually 'Nothing; you're screwed'.
Bruce Schneier

Amateurs hack systems, professionals hack people.
Bruce Schneier

People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.
Bruce Schneier

More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk.
Bruce Schneier

History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did.
Bruce Schneier

If someone steals your password, you can change it. But if someone steals your thumbprint, you can't get a new thumb. The failure modes are very different.
Bruce Schneier

Don't make the mistake of thinking you're Facebook's customer, you're not - you're the product.
Bruce Schneier

Security is a process, not a product.
Bruce Schneier

For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that - either now or in the uncertain future - patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.
Bruce Schneier

There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.
Bruce Schneier

Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.
Bruce Schneier

Hardware is easy to protect: lock it in a room, chain it to a desk, or buy a spare. Information poses more of a problem. It can exist in more than one place; be transported halfway across the planet in seconds; and be stolen without your knowledge.
Bruce Schneier

Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.
Bruce Schneier

Surveillance is the business model of the Internet.
Bruce Schneier

It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.
Bruce Schneier

The more technological a society is, the greater the security gap is.
Bruce Schneier

If you ask amateurs to act as front-line security personnel, you shouldn't be surprised when you get amateur security.
Bruce Schneier

The whole notion of passwords is based on an oxymoron. The idea is to have a random string that is easy to remember. Unfortunately, if it's easy to remember, it's something nonrandom like 'Susan.' And if it's random, like 'r7U2*Qnp,' then it's not easy to remember.
Bruce Schneier