No announcement yet.

The Bruce Schneier reading list for students at Harvard or MIT or wherever...

  • Filter
  • Time
  • Show
Clear All
new posts

  • The Bruce Schneier reading list for students at Harvard or MIT or wherever...

    The Whitenoise Challenge That Black Hat Would Not Take starts in just 8 days.

    The Bruce Schneier Reading List and ePrint

    The International Association for Cryptographic Research somehow seems to have acted as unscientifically as the rest of our characters.

    At the urging of Brian O’Higgins (a very decent, professional and brilliant man) we filed a specification for Tinnitus, a non-network application deploying Whitenoise and the specification was given at BTW - Mr. O’Higgins was one of the people cc’d in the History of Whitenoise Can’t Be Broken from yesterday’s posting. He was the founder of Entrust and is a Canadian icon.

    The proposed break by Wu specified at quickly followed. Mr. Wu claimed that he could break Whitenoise with just 30,000 bytes of key stream information – and a weekend. You saw the admission that he couldn’t just yesterday.

    We found this odd particularly in light of the fact that as a result of conversations our former CTO actually gave mention about both Mr. Wagner and Mr. Wu. If you go look at you will find on the third to last slide: “Note: The author of has been recognized on page 8 of the revision”

    Interaction is a normal part of science. What wasn’t normal was that this claim out of nowhere was obviously bunk and it just felt part of a bigger agenda. Even though it was a pain in the butt, we did what good scientists have to do which is assume that it was valid and test it to see if something could be learned.

    Our former CTO worked over the course of 4-6 months with a crypto-mathematician at the Communications Security Establishment. Everything was tested ad nauseum, and over that time a rebuttal proof was written.

    We went through the process of filing another paper with ePrint with the rebuttal proof. This is the normal course of scientific discourse. A VERY SUSPICIOUS thing then happened. EPrint refused to let us post the rebuttal as an independent item falling after the date of the suspicious break claim. After an incredible amount of loud wrangling, the best IACR would do is allow an addendum to be added to the originally filed specification. “We don’t want any arguments on our site…”

    Since by now we know people see what they want to see and research by Google descriptions, the net effect of this move by the IACR and ePrint was to make sure that no one ever saw the proof. Shame on you.

    If you go to ePrint, search Whitenoise, then the order of what you’d see is the fraudulent claim that Whitenoise was broken (and in a bloody weekend no less) and that would be followed by the legitimate paper, with the rebuttal, at an earlier filing date. Why would anyone bother to check that out?
    That fraudulent claim was the reason extra-ordinary steps had to be taken with the original $100,000 Whitenoise Challenge and casting a specific net for Mr. Wu and the other blog poisson.

    And to boot, we gave Mr. Wu 1 million bytes of key stream instead of only the 30,000 bytes he said he needed.

    And like everything else that is hidden in plain site on our web site the proof has always been posted.

    Please feel free to use the quality scientific work posted at to help your efforts in this Whitenoise Challenge That Black Hat Would Not Take. You will not be disqualified.

    DEFCONIANS can draw their own conclusions. Discuss or disgust amongst yourselves!


    Zig – Zag – THE READING LIST

    We know Mr. Schneier is going to be busy breaking Snake Oil at the beginning of the school year at Harvard or MIT or wherever. We want the students to learn about recent crypto history in that interim in a fun way. So here is your reading list:

    In Denial-Code Red is a fictional, historical, geeky James Bond kind of book. It was definitely an effort to have fun and poke fun, and still be accurate without getting sued, in the middle of all the rather shameful scientific behavior. You can get it either through Amazon or directly through our web site to save a few dollars.

    Even though they are all fictionalized characters, what security icons do you think are most like each character? As a lead, Jacques Têtu is DIVA. And Têtu in French means “hard-headed.” I guess that is appropriate though “undeterred” is a gentler way of phrasing it.

    And if you get into that book, you might get an idea of why it leads us a Fellow at one of the premier labs in the US that presented a paper on man-in-the-middle attacks at BCIT during the same time frame. In fact, he first visited UC Berkeley from an east coast swing about this whole issue and just before presenting a paper on Man-in-the-Middle attacks at the IBM Auditorium at the British Columbia Institute of Technology on his way to studying findings on the Whitenoise performance analysis at the University of Victoria.

    He blurted something out to the entire auditorium but to hear that you will have to tune in tomorrow – the fat lady DIVA isn’t finished singing yet.

    Start gathering your resources for the Challenge that Black Hat Would Not Take. It’s only about a week away to start.