
Bruce Schneier

Article Id: WHEBN0000036732

Title: Bruce Schneier  
Author: World Heritage Encyclopedia
Language: English
Subject: Computer security, Blowfish (cipher), Skein (hash function), Threefish, Niels Ferguson
Publisher: World Heritage Encyclopedia

Bruce Schneier at the Congress on Privacy & Surveillance (2013) of the École polytechnique fédérale de Lausanne (EPFL).
Born: January 15, 1963 [1], New York City, New York
Residence: United States
Citizenship: American
Fields: Computer science
Institutions: Counterpane Internet Security; Bell Labs; United States Department of Defense; BT Group
Alma mater: American University; University of Rochester
Known for: Cryptography, security

Bruce Schneier (born January 15, 1963[1]) is an American cryptographer, computer security and privacy specialist, and writer. He is the author of several books on general security topics, computer security and cryptography.

Schneier is a fellow at the [3]

Early life

Bruce Schneier is a son of Martin Schneier, a Brooklyn Supreme Court judge. He grew up in Flatbush, attending P.S. 139 and Hunter High School.[4] After receiving a bachelor's degree in physics from the University of Rochester in 1984,[5] he went to American University in Washington, D.C., and received his master's degree in computer science in 1988.[6] He was awarded an honorary Ph.D. from the University of Westminster in London, England, in November 2011. The award was made by the Department of Electronics and Computer Science in recognition of Schneier's 'hard work and contribution to industry and public life'.

Schneier was a founder and chief technology officer of BT Managed Security Solutions, formerly Counterpane Internet Security, Inc.

Writings on computer security and general security

In 1994, Schneier published Applied Cryptography, which details the design, use, and implementation of cryptographic algorithms. In 2010 he published Cryptography Engineering, which is focused more on how to use cryptography in real systems and less on its internal design. He has also written books on security for a broader audience. In 2000, Schneier published Secrets and Lies: Digital Security in a Networked World, and in 2003, Beyond Fear: Thinking Sensibly About Security in an Uncertain World. In 2012 Schneier published Liars and Outliers: Enabling the Trust that Society Needs to Thrive.

Schneier writes a freely available monthly Internet newsletter on computer and other security issues, Crypto-Gram, as well as a security [8] Schneier is frequently quoted in the press on computer and other security issues, pointing out flaws in security and cryptographic implementations ranging from biometrics to airline security after the September 11 attacks. He also writes "Security Matters", a regular column for Wired Magazine.[9]

Schneier revealed on his blog that in the December 2004 issue of the SIGCSE Bulletin, three Pakistani academics, Khawaja Amer Hayat, Umar Waqar Anis, and S. Tauseef-ur-Rehman, from the International Islamic University in Islamabad, Pakistan, plagiarized an article written by Schneier and got it published.[10] The same academics subsequently plagiarized another article by Ville Hallivuori on "Real-time Transport Protocol (RTP) security" as well.[10] Schneier complained to the editors of the periodical, which generated a minor controversy.[11] The editor of the SIGCSE Bulletin removed the paper from their website and demanded official letters of admission and apology. Schneier noted on his blog that International Islamic University personnel had requested him "to close comments in this blog entry"; Schneier refused to close comments on the blog, but he did delete posts which he deemed "incoherent or hostile".[10]



To Schneier, peer review and expert analysis are important for the security of cryptographic systems.[12] Mathematical cryptography is usually not the weakest link in a security chain; effective security requires that cryptography be combined with other things.[13]

The term Schneier's law was coined by Cory Doctorow in his speech about Digital Rights Management for Microsoft Research,[14] which is included in his 2008 book Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future. The law is phrased as:

Any person can invent a security system so clever that he or she can't imagine a way of breaking it.

He attributes this to Bruce Schneier, presumably making reference to his book Applied Cryptography, although the principle predates its publication. In The Codebreakers, David Kahn states:

Few false ideas have more firmly gripped the minds of so many intelligent men than the one that, if they just tried, they could invent a cipher that no one could break.

Similarly, in A Few Words On Secret Writing in Graham's Magazine (July 1841), Edgar Allan Poe stated:

Few persons can be made to believe that it is not quite an easy thing to invent a method of secret writing which shall baffle investigation. Yet it may be roundly asserted that human ingenuity cannot concoct a cipher which human ingenuity cannot resolve.


Schneier is critical of digital rights management (DRM) and has said that it allows a vendor to increase lock-in.[15] Proper implementation of control-based security for the user via trusted computing is very difficult, and security is not the same thing as control.[15]

Homeland security

Schneier has said that homeland security money should be spent on intelligence, investigation, and emergency response.[16] Defending against the broad threat of terrorism is generally better than focusing on specific potential terrorist plots.[16] According to Schneier, analysis of intelligence data is difficult but is one of the better ways to deal with global terrorism.[17] Human intelligence has advantages over automated and computerized analysis, and increasing the amount of intelligence data that is gathered does not help to improve the analysis process.[17] Agencies that were designed around fighting the Cold War may have a culture that inhibits the sharing of information; the practice of sharing information is more important and less of a security threat in itself when dealing with more decentralized and poorly funded adversaries such as al Qaeda.[18]

Regarding PETN—the explosive that has become terrorists' weapon of choice—Schneier has written that only swabs and dogs can detect it. He also believes that changes to airport security since 11 September 2001 have done more harm than good and he defeated Kip Hawley, former head of the Transportation Security Administration, in an Economist online debate by 87% to 13% regarding the issue.[19] He is widely credited with coining the term security theater to describe some such changes.

As a Fellow of Berkman Center for Internet & Society at Harvard University, Schneier is exploring the intersection of security, technology, and people, with an emphasis on power.[20]

System design

Schneier has criticized security approaches that try to prevent any malicious incursion, instead arguing that designing systems to fail well is more important.[21] The designer of a system should not underestimate the capabilities of an attacker; technology may make it possible in the future to do things that are not possible at the present.[12] Under Kerckhoffs's Principle, the need for one or more parts of a cryptographic system to remain secret increases the fragility of the system; whether details about a system should be obscured depends upon the availability of persons who can make use of the information for beneficial uses versus the potential for attackers to misuse the information.[22]

Secrecy and security aren't the same, even though it may seem that way. Only bad security relies on secrecy; good security works even if all the details of it are public.[23]

Full disclosure

Schneier is a proponent of full disclosure, i.e. making security issues public.

If researchers don’t go public, things don’t get fixed. Companies don't see it as a security problem; they see it as a PR problem.[24]

Other writing

Schneier and Karen Cooper were nominated in 2000 for the Hugo Award, in the category of Best Related Book, for their Minicon 34 Restaurant Guide, a work originally published for the Minneapolis science fiction convention Minicon which gained a readership internationally in science fiction fandom for its wit and good humor.[25]

Cryptographic algorithms

Schneier has been involved in the creation of many cryptographic algorithms.

Hash functions:

Stream ciphers:

Pseudo-random number generators:

Block ciphers:


  • Schneier, Bruce. Applied Cryptography, John Wiley & Sons, 1994. ISBN 0-471-59756-2
  • Schneier, Bruce. Protect Your Macintosh, Peachpit Press, 1994. ISBN 1-56609-101-2
  • Schneier, Bruce. E-Mail Security, John Wiley & Sons, 1995. ISBN 0-471-05318-X
  • Schneier, Bruce. Applied Cryptography, Second Edition, John Wiley & Sons, 1996. ISBN 0-471-11709-9
  • Schneier, Bruce; Kelsey, John; Whiting, Doug; Wagner, David; Hall, Chris; Ferguson, Niels. The Twofish Encryption Algorithm, John Wiley & Sons, 1996. ISBN 0-471-35381-7
  • Schneier, Bruce; Banisar, David. The Electronic Privacy Papers, John Wiley & Sons, 1997. ISBN 0-471-12297-1
  • Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World, John Wiley & Sons, 2000. ISBN 0-471-25311-1
  • Schneier, Bruce. Beyond Fear: Thinking Sensibly About Security in an Uncertain World, Copernicus Books, 2003. ISBN 0-387-02620-7
  • Ferguson, Niels; Schneier, Bruce. Practical Cryptography, John Wiley & Sons, 2003. ISBN 0-471-22357-3
  • Schneier, Bruce. Schneier on Security, John Wiley & Sons, 2008. ISBN 978-0-470-39535-6
  • Ferguson, Niels; Schneier, Bruce; Kohno, Tadayoshi. Cryptography Engineering, John Wiley & Sons, 2010. ISBN 978-0-470-47424-2
  • Schneier, Bruce. Liars and Outliers: Enabling the Trust that Society Needs to Thrive, John Wiley & Sons, 2012. ISBN 978-1-118-14330-8
  • Schneier, Bruce. Carry On: Sound Advice from Schneier on Security, John Wiley & Sons, 2013. ISBN 978-1118790816


Bruce Schneier is a board member of the Electronic Frontier Foundation.[26]



  1. ^ a b "Bruce Schneier | Facebook".  
  2. ^ "Bruce Schneier Joins Co3 Systems as CTO". 
  3. ^ Contributor Profile
  4. ^ Samuel Newhouse (February 9, 2009). "Schneier on Security; A Judge’s Son Builds a Reputation of Cryptic Fame". Brooklyn Daily Eagle. 
  5. ^ Drew Amorosi (July 11, 2011). "Interview: BT's Bruce Schneier". InfoSecurity. 
  6. ^ Charles C. Mann Homeland Insecurity
  7. ^
  8. ^ Blood, Rebecca (January 2007). "Bruce Schneier". Bloggers on Blogging. Retrieved April 19, 2007. 
  9. ^ Schneier, Bruce. "Security Matters". Wired Magazine. Retrieved March 10, 2008. 
  10. ^ a b c "Schneier on Security: Plagiarism and Academia: Personal Experience". Retrieved June 9, 2009. 
  11. ^ "ONLINE – International News Network". June 9, 2007. Retrieved June 9, 2009. 
  12. ^ a b Schneier, Bruce (1997). "Why Cryptography Is Harder Than It Looks". Retrieved 2011-04-08. 
  13. ^ Ferguson, Niels; Schneier, Bruce. "Practical Cryptography: Preface". Retrieved 2011-04-08. 
  14. ^  
  15. ^ a b Schneier, Bruce (2008-02-07). "With iPhone, 'Security' Is Code for 'Control'". Retrieved 2011-04-08. 
  16. ^ a b Schneier, Bruce (2005-09-08). "Terrorists Don't Do Movie Plots".  
  17. ^ a b Schneier, Bruce (2004-01-09). "Homeland Insecurity". Retrieved 2011-04-08. 
  18. ^ Schneier, Bruce (2010-01-15). "Fixing intelligence failures – SFGate".  
  19. ^ "International terrorism: AQAP tries again: Good intelligence work still leaves questions over airport security", The Economist, dated 12 May 2012.
  20. ^ "Berkman Center Announces 2013–2014 Community". Berkman Center for Internet & Society at Harvard University. July 8, 2013. Retrieved 8 July 2013. 
  21. ^ Homeland Insecurity, Atlantic Monthly, September 2002
  22. ^ Schneier, Bruce (2002-05-15). "Crypto-Gram: May 15, 2002". Retrieved 2011-04-08. 
  23. ^ Doctorow, Cory. Little Brother. New York: Tor Teen, 2008, page 129.
  24. ^ "Charlie Miller's Punishment By Apple Tests A Complex Relationship". Huffington Post, 2011.
  25. ^ "Hugo Awards Nominations". Locus Magazine. April 21, 2000. 
  26. ^ Jeschke, Rebecca (2013-06-27). "Renowned Security Expert Bruce Schneier Joins EFF Board of Directors". Retrieved 2013-07-06. 
