"The Cult of Schneier"
If there's actually a cult out there, I want to hear about it. In an essay by that name, John Viega writes about the dangers of relying on Applied Cryptography to design cryptosystems:
But, after many years of evaluating the security of software systems, I'm incredibly down on using the book that made Bruce famous when designing the cryptographic aspects of a system. In fact, I can safely say I have never seen a secure system come out the other end, when that is the primary source for the crypto design. And I don't mean that people forget about the buffer overflows. I mean, the crypto is crappy.
My rule for software development teams is simple: Don't use Applied Cryptography in your system design. It's fine and fun to read it, just don't build from it.
[...]
The book talks about the fundamental building blocks of cryptography, but there is no guidance on things like, putting together all the pieces to create a secure, authenticated connection between two parties. Plus, in the nearly 13 years since the book was last revised, our understanding of cryptography has changed greatly. There are things in it that were thought to be true at the time that turned out to be very false....
I agree. And, to his credit, Viega points out that I agree:
But in the introduction to Bruce Schneier's book, Practical Cryptography, he himself says that the world is filled with broken systems built from his earlier book. In fact, he wrote Practical Cryptography in hopes of rectifying the problem.
This is all true.
Designing a cryptosystem is hard. Just as you wouldn't give a person -- even a doctor -- a brain-surgery instruction manual and then expect him to operate on live patients, you shouldn't give an engineer a cryptography book and then expect him to design and implement a cryptosystem. The patient is unlikely to survive, and the cryptosystem is unlikely to be secure.
Even worse, security doesn't provide immediate feedback. A dead patient on the operating table tells the doctor that maybe he doesn't understand brain surgery just because he read a book, but an insecure cryptosystem works just fine. It's not until someone takes the time to break it that the engineer might realize that he didn't do as good a job as he thought. Remember: Anyone can design a security system that he himself cannot break. Even the experts regularly get it wrong. The odds that an amateur will get it right are extremely low.
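Viega's complaint that the book supplies building blocks but no guidance on assembling them, and the point above that an insecure cryptosystem "works just fine" until someone breaks it, can both be made concrete. The following is an added example, not code from the post or from either book. It uses only the Python standard library: a toy counter-mode keystream derived from HMAC-SHA256 stands in for a real stream cipher (an assumption made so the example runs offline, not a recommendation), and the keys, nonce and message are constructed sample values. Confidentiality alone lets a modified ciphertext decrypt without any error; encrypt-then-MAC turns the same modification into an immediate failure.

```python
import hmac
import hashlib

NONCE_LEN = 16
TAG_LEN = 32  # SHA-256 output length


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from HMAC-SHA256.

    Stands in for a real stream cipher so the example needs no third-party
    library. It illustrates the composition problem; it is not a cipher to reuse.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Confidentiality only: XOR the data with the keystream.

    Encryption and decryption are the same operation, and nothing here
    detects that the ciphertext was altered in transit.
    """
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with independent keys.

    The tag covers the nonce and the ciphertext, so a change to either is
    caught before any decryption happens.
    """
    ct = xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, message: bytes):
    """Verify the tag first (constant-time compare), then decrypt.

    Returns None on any verification failure so the caller cannot mistake a
    tampered message for a valid one.
    """
    if len(message) < NONCE_LEN + TAG_LEN:
        return None
    nonce = message[:NONCE_LEN]
    ct = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_stream(enc_key, nonce, ct)


# Constructed sample keys, nonce and message; fixed so the run is reproducible.
ENC_KEY = b"\x11" * 32
MAC_KEY = b"\x22" * 32
NONCE = b"\x33" * 16
MESSAGE = b"transfer 0010 units"


def corrupt(data: bytes, index: int) -> bytes:
    """Flip one bit of one byte: models corruption or tampering on the wire."""
    out = bytearray(data)
    out[index] ^= 0x08
    return bytes(out)


def unauthenticated_result() -> bytes:
    """Encrypt without authentication, corrupt a ciphertext byte, decrypt.

    The call succeeds and returns a plausible plaintext with a changed digit:
    no error, no signal to the receiver that anything went wrong.
    """
    ct = xor_stream(ENC_KEY, NONCE, MESSAGE)
    return xor_stream(ENC_KEY, NONCE, corrupt(ct, 12))


def authenticated_result():
    """The same corruption against encrypt-then-MAC: verification fails,
    the receiver gets None, and the bad message is never acted on."""
    sealed = seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)
    return open_sealed(ENC_KEY, MAC_KEY, corrupt(sealed, NONCE_LEN + 12))


if __name__ == "__main__":
    print(unauthenticated_result())  # b'transfer 0018 units'
    print(authenticated_result())    # None
    # An untampered sealed message still opens to the original plaintext.
    print(open_sealed(ENC_KEY, MAC_KEY, seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)))
```

The first result is the "works just fine" failure mode: every call returns normally and the output looks like a real message, so nothing in the system reports a problem. The second shows what the missing guidance on "putting together all the pieces" buys you: authentication turns silent acceptance into an immediate, checkable rejection.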
For those who are interested, a second edition of Practical Cryptography will be published in early 2010, renamed Cryptography Engineering and featuring a third author: Tadayoshi Kohno.