Freakonomics Q&A With Bruce Schneier

Samrobb writes "In grand Slashdot tradition, the Freakonomics blog solicited reader questions for a Q&A session with Bruce Schneier. The blog host writes that Mr. Schneier's answers '...are extraordinarily interesting, providing mandatory reading for anyone who uses a computer. He also plainly thinks like an economist: search below for "crime pays" to see his sober assessment of why it's better to earn a living as a security expert than as a computer criminal.'" The interview covers pretty much the whole range of issues Schneier has written about, and he provides links to more detailed writings on many of the questions.

His comments on terror and cameras were

[WillAffleckUW]

I found his comments on terrorism - A. Refuse to be terrorized - and cameras to be fairly well thought out.

We choose how we live.

We can live in fear and magnify risks that are, in reality, very minimal, or we can realize they're minimal and stop worrying about them.

I'd rather live free from fear.

And the answers about passwords were fairly good. When I was a regional security officer, I came up with similar concepts, based on the real threats that actually existed. When on a public site, with low real risk (e.g. public web, no linked account) it's better to have a common (but hard) password, and save more secure passwords for sites where you have real financial risk instead.

Re:His comments on terror and cameras were

[rindeee]

I couldn't agree with you more. The idea that the correct reaction is overreaction is not only foolish, it's counterproductive and in many cases quite dangerous. This approach has so permeated our society that it has become a part of our psyche and now has made inroads into the military. It is my opinion that 'risk management' and 'force protection' (in their current forms) are ruining the effectiveness of our fighting forces (of which I am one...no arm-chair fighting here). Having recently returned from serving forward in the middle east and working in a mixed environment of special warfare combat forces, the idiocy of that was forced upon us in the name of 'force protection' was nothing short of crippling. Why was it needed? Because, "if you don't abide by force protection rules, someone could be injured or killed". Let me get this straight; We carry guns, explosives, etc. We're trained to use them at night, in the day, in close quarters, over long distances, etc. We signed a piece of paper when we enlisted stating that we understand we might get killed in executing our orders. In light of all of that, there is some 'other' threat, apparently outside of the obvious primary threat during war-time (people shooting at you, IEDs, etc.) that is so much greater than the primary threats that it nullifies our need to counter the primary threats efficiently and effectively. Someone has written a book on this subject from a military prospective. Sadly I cannot recall the name of the book, or the author, as I just happened to pick it up one day at an acquaintances house and peruse it a bit. If anyone knows of the book of which I speak (primary topic being that force protection insanity is ruining the military), please speak up. I'd be forever indebted. Anyway, I digress. The bottom line, fear is counterproductive save for times of fight-or-flight.

Re:

[WillAffleckUW]

Well, as a former Army Sergeant, I have to agree with you.

The concept of force protection arose from the objective of battle - the imposition of chaos on the enemy and the reduction of chaos on our own military and economic supply train. But there is no cost effectiveness analysis used, sadly.

Sometimes we need to realize that overreaction, and overprotection, are the wrong responses.

Is it truly worth the time delays and economic disincentives we impose on air travel to screen everyone? Is it worth the dis

Re:

[Eivind]

Not just sometimes. -over-reaction and -over-protection is always the wrong answer, that's why it's got "over" in there, kinda a giveaway, don't you think ?

The trick is figuring out which response is apropriate.

Independently from that, you should make a conscious evalutaion of what is risky, and pay special attention to the fact that human beings are hardwired to notice the seldom but spectacular events while ignoring the many mundane ones, even when the cumulative risk from the latter is orders of magnitud

Re:

[TheLink]

"It's just human nature. Doesn't mean it's sane"

It's probably more a fear of the unknown factor, but I was thinking recently that a lot of the risks people are seemingly overworried about are risks that "natural selection" doesn't adapt well to.

If you drive a car, and you make mistakes and die, that might be good for the species overall :). If you smoke and die, OR smoke and somehow still don't die, either way that's good too.

But if the plane crashes into a mountain - you're likely to be dead even if your g

Re:

[Eivind]

It's late and you should go sleep :-)

First, remember that evolution only works on stuff that changes the chance that you'll have children, or the number of children you have. If you die of lung-cancer at 60 or live healthily to 80, this likely makes no difference whatsoever to the number of children you'll have, or the survival-chance of the children you do have.

Evolution does however work just fine for risky behaviour. Flying by plane ain't (normally) risky behaviour, dying as a result of it is just plain

Re:

[s20451]

I'm a former navy officer (Canada, not US). Surely you realize that the military doesn't give a rat's ass about you personally getting killed. What they want to prevent is the long string of flag-draped coffins streaming home that is sure to undermine public support for the broader mission.

Re:

[rindeee]

Of course, and I have no problem with this. I accepted the fact that I might meet my demise and I don't have any problem with the military taking an 'all business' view of this. My gripe is in the military adopting 'touchy-feely' models when it comes to killing people (sorry, but that IS the job of the military...it is NOT a policing force). Anyway, just one guys opinion. I appreciate your input.

Re:

[WillAffleckUW]

What they want to prevent is the long string of flag-draped coffins streaming home that is sure to undermine public support for the broader mission.

Well, naval burials at sea make sea battles a bit more palatable.

However, even though Canadian popular support for the War in Afghanistan has gone down as a result of the flag-draped coffins which are more prominently shown on Canadian TV, it's still a lot higher than support here in the US where we basically ban national coverage of dead bodies or flag-draped c

Says the military brat:

[UncleTogie]

What they want to prevent is the long string of flag-draped coffins streaming home that is sure to undermine public support for the broader mission.

Correction: Actually, they're keeping us from seeing [thebostonchannel.com] the long string of flag-draped coffins streaming home...

I'll third that.

[Xenographic]

I'm not a soldier, but I arrived at essentially the same conclusions on my own, right down to writing passwords on a card in your wallet. In fact, I used to teach people that in a local basic computer security awareness class a local library held.

One important thing to note is that you have to be careful about password reuse. Oh, and email, no matter what, should NOT be considered "low security" no matter how boring your private life is because it can often be used as leverage to get more sensitive data.

Why hard?

[SuperKendall]

When on a public site, with low real risk (e.g. public web, no linked account) it's better to have a common (but hard) password,

No. The point is, it's better to have a common, and super easy to remember password that requires no difficulty at all to use and retain.

Low risk, remember? Why make it more likely you'll forget your common password after a two week trip. KISS.

This is why I despise sites of obviously low security interest, that enforce ANY kind of password limiting (like mandatory mix of numbers

Re:

[Eivind]

If you're scared, atleast be so for the rigth reasons.

If you're in a trend where you gain a few pounds a year, this will quite likely kill you, *certainly* make you more sick and limit your quality of life.

If you're participating in traffic regularily, this is the area where you're most likely to die a violent death.

If you're smoking, quitting that would give a larger benefit than anything else.

Quit smoking, don't *ever* drive while intoxicated, wear a seatbelt, don't be obese, get some exersize if your wor

Duh...

[FranTaylor]

it's better to earn a living as a security expert than as a computer criminal

Watch "Catch Me If You Can", this was obvious a long time ago.

Re:Duh... ... not convinced

[petes_PoV]

Better maybe, more profitable, hmmmmm.

The key difference is that most criminals are stupid, while most consultants are much more intelligent. I would suggest that for a given IQ (or however you want to measure intelligence) the balance is far more in favour of the criminal than an equally IQ-endowed consultant.

The reason being that there are more opportunities to get money from a criminal activity than from a security consultancy activity and it will always be easier to exploit a weakness than to fix it.

Re:Duh...

[FranTaylor]

Did you watch the movie? The dude made millions designing tamper-proof checks for the folks that he ripped off for small change when he was a crook.

Re:

[TubeSteak]

A: Basically, you're asking if crime pays. Most of the time, it doesn't, and the problem is the different risk characteristics. If I make a computer security mistake -- in a book, for a consulting client, at BT -- it's a mistake. It might be expensive, but I learn from it and move on. As a criminal, a mistake likely means jail time -- time I can't spend earning my criminal living. For this reason, it's hard to improve as a criminal.

1. Most criminals discount the risks that they're taking, which means they do not have a rational view of their "risk characteristics".

2. His conclusion, "it's hard to improve as a criminal" doesn't really follow from his previous sentence. Many criminals do improve in prison. Learning crime isn't hard when you have lots of free time, are surrounded by other criminals and have access to a library. His point may be somewhat valid for a hacker/cracker, but for all we know, the person will come out with a who

Re:

[fatphil]

He's obviously also not heard of Randall Schwartz.

The more things change...

[linuxwrangler]

"...In 1957, fifty years ago, there were fewer than 2,000 computers total, and they were essentially used to crunch numbers. They were huge, expensive, and unreliable; sometimes, they caught on fire..."

Well, now they are small, inexpensive, and relatively reliable. But at least they still sometimes catch on fire.

Re:The more things change...

[spun]

Well, now they are small, inexpensive, and relatively reliable. But at least they still sometimes catch on fire.

That's exactly what I tell my computers when they act up, "Computers still sometimes catch on fire, you know." I keep a charred motherboard hanging on the wall in the server room, just to remind them. Helps keep the buggers running right.

Re:The more things change...

[tm2b]

"The Aperture Science Center would like to remind you that Android Hell is a real place, and you will be sent there at the first sign of disobedience."

Re:

[Jonner]

The cake is a lie!

Re:

[JK_the_Slacker]

Funny, I often say the same thing about roommates.

Re:

[Krishnoid]

At least this device [youtube.com] from an IBM training film was particularly robust for its time (pre-1970). But it also caught fire, after a sort.

Re:

[zenkonami]

I think I smell a meme.

No...nevermind...that's my laptop battery.

Re:

[TheThiefMaster]

But at least they still sometimes catch on fire.

Mine did.

Twice.

The first was a cheap psu that didn't have short-protection. I'd miswired my front mic/headphone sockets (the case used individual pins instead of a solid plug, and the pins, motherboard and motherboard manual were all labelled differently). I plugged in my headset and "BOOM", I lost the psu. And the fuse in the plug. The psu was full of loose peices afterwards, and a lot of black. Oddly, the motherboard and headset both survived.

The second was a dodgy gigabyte motherboard, with an (optional

Freakonomics Q&A with Jonathan Coulton

[FleaPlus]

I don't think this was mentioned on slashdot, but since this is quasi-related I thought I'd mention that a couple weeks ago Freakonomics also had a Q&A with Jonathan Coulton [nytimes.com], a really awesome (IMHO) singer-songwriter who releases many of his songs under a Creative Commons [jonathancoulton.com] license and whose music often has a rather geeky tilt. He also got quite a bit of attention recently for writing the song "Still Alive" which plays at the end of Portal. Here's a few neat quotes from the interview:

Q: Do you think having music available for free will make releasing some of it on a traditional album more difficult? Also, why aren't more of your songs available on Yahoo Music Engine or iTunes?

A: It's always hard to figure out the actual numbers on this, but I definitely get the feeling that having a more open attitude with MP3s has contributed to my ability to actually make a living. More and more, people don't like to buy things that they haven't heard first, which makes perfect sense when you think about it. This is why they have listening stations in record stores (er, I mean, when they used to have record stores). And because I depend so heavily on word of mouth marketing, it's extremely important that it's as easy as possible to hear my stuff. Again, it comes down to the extremely low cost that comes with digital content -- it's okay if only a small percentage of listeners buy, as long as the number of listeners is very high. That can only happen if you let people listen. ...

Q: When you wrote "Still Alive" for Portal did you have any idea how well the synergy would be with the game? I don't think that there has every been ending credits in any media that has matched the love that people have for the end of Portal. Have you been asked to work on any other video game music since the release of Portal?

A: One of the reasons I agreed to do it was that I understood the character so well -- it was one of those things where I looked at what they had created and it made absolute sense to me. We didn't know all the details of how we were going to finish the game, but I really could sort of feel how it was supposed to end up. Of course I'm thrilled with the reception, and it's been much larger and more positive than I could have imagined. There's nothing else in the works at the moment, but I'm definitely open to doing more things like that if it's the right project. ...

Q: When will Valve release a video game that is also a full musical comedy?

A: Yes please. That would be a great deal of fun to do, whether or not it was any fun to play. I'll put you in touch with Gabe and you can insist that he make it happen.

Re:

[Etrias]

Q: When will Valve release a video game that is also a full musical comedy?

A: Yes please. That would be a great deal of fun to do, whether or not it was any fun to play. I'll put you in touch with Gabe and you can insist that he make it happen.

I got it. The musical Gordon Sings! Released from his mute state, turns out that all he wanted to do was sing and dance, but instead had to save the world. Twice. (Maybe three times)

Re:

[davidsyes]

Yeh... like "Combat Riverine Dance", in which FPRD (First-Person River Dancers) stomp the living this, umm living shit out of da enemy... whomever "da enemy" is.

Valve CRD Slogan: "These boots were made for trompin' and stompin'"

Character sayings:

"I love the smell of worn leather in the morning..."

"We don't need no stinkin' bullets..."

"'Air strike'? What's that? All I need is my BOOTS and dazzlin piurette (sp?) and some GRENADES..."

"This is my RIFLE, THIS is my GUN, these are my piurettes, dazzzling by buns.

But first, make sure you have the Bruce facts

[sien]

To get the most out of this interview, make sure you have the facts [geekz.co.uk] on Bruce Schneier. The man is not what he seems.

Re:

[sconeu]

Who would win a 3-way fight between Chuck Norris, Jack Bauer, and Bruce Schneier?

For full credit, please show your work.

Re:

[davidsyes]

Who would win between THEM vs these:

1. Nutcracker
2. MacGyver
3. http://www.youtube.com/watch?v=N96DWI5wuB4 [youtube.com]

Re:

[JK_the_Slacker]

I'm not sure, but I do know that Jason Bourne would limp away.

Oh, and don't forget about the explosion that almost (ALMOST) kills John McClane.

Re:

[ceoyoyo]

Nobody wins in a three-way between CN, JB and BS.

Oh, three-way FIGHT. Whoops.

Re:

[mcrbids]

I like how your linked website downloads random binary files. I'd guess that this is a MALWARE site... (running the GNU "file" command on the binary indicated it as "data" - unknown)

Re:

[meringuoid]

We can add a new one:

Bruce Schneier doesn't bother to secure his wireless network at all. Who would dare, anyway?

Re:

[calebt3]

Chuck Norris

Re:

[JumboMessiah]

The best [geekz.co.uk] one:

"Bruce Schneier slashdotted slashdot."

This [geekz.co.uk] one is also quite clever.

FTA: several websites

[mseidl]

There are several Web sites where I pay for access, and I have the same password for all of them.

And these sites have content, content which gets stored under /.pr0n

Re:

[junglee_iitk]

Thanks for a good laugh.

Best Answer

[Odin_Tiger]

Q: I recently had an experience on eBay in which a hacker copied and pasted an exact copy of my selling page with the intention of routing payments to himself. Afterwards, people informed me that such mischief is not uncommon. How can I ensure that it doesn't happen again?

A: You can't. The attack had nothing to do with you. Anyone with a browser can copy your HTML code -- if they couldn't, they couldn't see your page -- and repost it at another URL. Welcome to the Internet.

Poor Bruce must get awful tired of answering questions from people who don't understand how computers, etc. actually work.

A billion times...

[Spy der Mann]

FTA:

Moore's Law predicts that in fifty years, computers will be a billion times more powerful than they are today. I don't think anyone has any idea of the fantastic emergent properties you get from a billion-times increase in computing power.

I do have an idea. For starters, Holovideo. Computers a billion times more powerful than today's will be able to calculate the interference equations required to display true color live holograms on flat screens - or glasses.

Just think about it, put on your glasses and everything seems normal. Turn on your (wearable?) computer and you'll be able to interact (let's assume the glasses got tiny cameras on them, thanks to transparent electronics) with holographic objects - which may include virtual displays which you can move with your hand, a-la minority report (or a-la Nadesico if you're an anime fan ^^). Who says you'll need to use physical keyboards? Probably they'll be virtual, too! No more Repetitive Strain. And that's just for starters - imagine playing with rubik cubes or analyzing/debugging code (for programmers) in 3D.

However, I wonder if software will be advanced enough by then to have AI agents assisting you like most sci-fi flicks. Usually software is the barrier in computing. Programmers are slow.

Re:

[AuntieWillow]

FTA:

However, I wonder if software will be advanced enough by then to have AI agents assisting you like most sci-fi flicks. Usually software is the barrier in computing. Programmers are slow.

Programmers are slow because, like me, they're probably surfing /. :-)

Re:

[davidsyes]

How many Real Dolls of Congress are we talking about?

Re:

[calebt3]

Your not thinking big enough. How about a Matrix-like storage place for our bodies while we have a live direct-to mind interface with a Star-Trek-like hologram body that we use to interact with the world. It would never get tired physically, can't get injured, have superhuman senses, and it could look like whatever we wanted it to (human or otherwise). Now that would be awesome!

Re:

[Colin Smith]

I don't think anyone has any idea of the fantastic emergent properties you get from a billion-times increase in computing power.

I do. You're something similar right now.

 

Re:

[PWNT]

ya at a billion times the energy requirements. no thanks, i do not want to require a portable nuclear reactor with me.

Re:

[tgd]

I could be wrong but I actually think there are at least a few research teams doing digital holography right now....

strange answer on wireless

[SEAL]

Q: Is there any benefit to password protecting your home Wifi network? I have IT friends that say the only real benefit is that multiple users can slow down the connection, but they state that there is no security reason. Is this correct?

A: I run an open wireless network at home. There's no password, and there's no encryption. Honestly, I think it's just polite. Why should I care if someone on the block steals wireless access from me? When my wireless router broke last month, I used a neighbor's access until I replaced it.

That answer is so bad it almost sounds like sarcasm. Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.

Re:

[gnasher719]

That answer is so bad it almost sounds like sarcasm. Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.

What is more likely to happen: That someone reads sensitive data from his unprotected wireless network, or that he is killed in a complete random traffic accident?

Re:

[maraist]

That someone reads sensitive data from his unprotected wireless network, or that he is killed in a complete random traffic accident?

Or C) that an industrious/bored male techno-teenager lives within his wifi range

Re:strange answer on wireless

[someone300]

I personally use an open wireless network. I trust my open wireless network as much as I trust my ISP and unsecure wired network, and all sensitive data that I throw around internally is securely encrypted or otherwise done through a secure tunnel. If I need to put a password I care about into a HTTP site, and I want to minimize risk, I just use my proxy, which is directly and securely* wired into the switch. Generally, if you have a large wired network, you need to make the assumption that any piece of cable not in a secure room could be spliced and packets logged.

Of course, considering a large amount of web traffic is HTTP when it should be HTTPS, and certain operating systems expose services onto the network which they probably shouldnt, it's probably a bit irresponsible to suggest that home users leave their stuff unencrypted. Personally, the reason I run an open AP is because open APs have helped me in the past. There's a form of QoS to stop people abusing and give priority to certain computers on my network.

* Considering it's a house, 'secure' means it's in a locked cupboard ;)

Re:strange answer on wireless

[Kidbro]

Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.

Any data that goes unencrypted between your computer and your wifi base station will also go unencrypted between the wifi base station and the target destination. On top of this, any data that's only encrypted by your wifi network will also go unencrypted between the wifi base station and its target destination.
Maybe Bruce is just wise enough to encrypt any sensitive data he transfers properly, and not rely on the encryption in his $30 hardware that will only protect against attackers within 50 meters?

Re:strange answer on wireless

[Cal Paterson]

This is excellent logic, but I think much of the reasoning behind wifi encryption is that people who do connect to your wifi are essentially getting to fire a load of packets around the internet with your name on them.

Which could be worrying or not, depending on their interests. The number of people connecting to open access points to use kazaa to download the latest movie blockbuster would worry me if I was in an apartment building or something.

Re:

[remahl]

Plausible deniability.

Re:

[Cal Paterson]

Except that I don't think that has worked in court yet, at least in the UK, and probably not in the US either.

Re:strange answer on wireless

[Umuri]

I think what he means is that if you are depending on your wireless connection for security, you're already doing something wrong.

One is because most secure practices can be implemented well separate of wireless, if you are concerned with security. And in fact relying on wireless encryption as your "only" form of security is something that even most non-savvy computer users can be taught not to do, so the experienced ones should have no excuse.

The other is that most "security" for wireless has already been broken and can be repeated in a near trivial amount of time, so if someone was dead set on sniffing your data, chances are they'd be able to do it.

In my defense, I run an open wireless network that is sectioned off, that instead of encryption relies on MAC addresses to allow into the normal section of the network. Everyone not on the list just gets to use the internet.

Allows friends to come over and connect happily to the web without messing with stuff, and if they need the network access adding their computer is a 10 second job.

Re:

[Mark Trade]

AFAIK, MAC addresses can be sniffed while you use the WLAN and replayed when you don't to get access. So this is not a good way to authorize a client.

Re:strange answer on wireless

[flaming error]

It only seems risky until you learn that Bruce Schneier types in TwoFish.

Re:strange answer on wireless

[Brickwall]

It only seems risky until you learn that Bruce Schneier types in TwoFish.

Gee, what happened to OneFish, and the RedFish and BlueFish?

Re:

[trawg]

That answer is so bad it almost sounds like sarcasm. Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.

As others have already pointed out, as long as he's encrypting probably everywhere else it won't make any real difference. If you're on an open wifi network and everything you do is via an SSH tunnel or VPN or something, you're probably doing quite a bit better than using WEP anyway.

I think the really interesting part of this answer is that it doesn't really address the legal issues of someone misusing and abusing your connection for their own evil deeds. I don't know if this has been tested in court but

Committing a felony is OK

[Propaganda13]

When my wireless router broke last month, I used a neighbor's access until I replaced it.

From the context, it appears that he used his neighbor's network without permission. Depending on where you live this is considered a felony.

http://money.cnn.com/2005/07/07/technology/personaltech/wireless_arrest/index.htm

You also might be violating terms of service with your ISP by sharing your connection.

Another person using bittorrent to download movies and music can easily swamp your wireless router with the number

Re:

[xant]

There are legal issues and responsibilities that really should be cleared up, so people who do want to share WIFI can.

You realize, though, that "clearing up" the issues and responsibilities might mean making it illegal to share your WIFI? Let's keep it murky. The law is only going to overreact to the threat, if it even exists.

Which it may not.. how many cases have there been? I suggest that people doing a lot of illegal downloading need a lot of bandwidth. Your neighbor's wifi ain't that.

Re:

[Propaganda13]

Right now, it is illegal to access open wifi spots without permission. I'd rather be able to access without worry. No, there hasn't been a lot of cases yet.

I used to download distros on business class Road Runner shared through a small apartment building by wifi. The main issues were too many connections would swamp or kill the wifi. A lot of home routers can only handle 128 connections. I lowered the connections and set the scheduler to avoid times commonly used by others to avoid complaints. Bandwidth wa

Re:

[alexborges]

My friend. The point is that is almost as easy to get data from a suposedly "encrypted" (weak ass encryption) wifi connection, as to do it from an unencrypted one.

And I mean... what is this, Mr. SEAL, although you have an enviable 5 digit slashdot ID, im gonna HAVE to go with bruce on this one.... hell, id go with bruce on all the rest-of-them as well.

Re:

[lennier]

Being not an American, and coming from a country (New Zealand) where broadband Internet access is metered in gigabyte chunks, so if your neighbour borrows your bandwidth you can get a Very Large Bill, I can't actually tell whether Bruce's comment is sarcastic or serious.

I mean, in the USA, *could* you let neighbours use your open WiFi point *without* paying huge $$$ in over-usage charges? If you could, then I guess I'd be happy with running an open access point myself, as long as I implemented my own local

Re:

[bhima]

In the US most ISP packages are unmetered and ISP's have vastly oversold their capacity.

Thus is doesn't matter if your neighbors use your WiFi. (unless they are doing something illegal with it)

Re:

[ceoyoyo]

If you're relying on your wireless network encryption for all your security you've got problems. Make sure you do your banking on secure web sites. Use SSH. If your porn collection is really valuable to you make sure your file server uses encrypted passwords.

Most people use their wireless network pretty much exclusively to bridge the gap between their couch and the Internet. Since the Internet is basically public, it really doesn't matter that the last metre is unencrypted, over the air.

Re:

[nametaken]

Agreed. I know if anyone wants to rob my house, a door lock isn't going to stop them. Guess what? I still lock the door when I leave.

"Is there any benefit to password protecting your home Wifi network? I have IT friends that say the only real benefit is that multiple users can slow down the connection, but they state that there is no security reason. Is this correct?"

The answer is, of course, an emphatic "yes". Mr. Dubner needs new IT friends.

Re:

[GregNorc]

Two words my friend: Plausible Deniability.

Re:

[Proteus]

That answer is so bad it almost sounds like sarcasm. Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.

As the man himself says [schneier.com]: "For the record, I have an ultra-secure wireless network that automatically reports all hacking attempts to unsavory men with bitey dogs."

Seriously though, Bruce has explained several times that the best choice is "secure the hosts, open the network". I perso

His Password Comment

[OldSoldier]

I choose the same password for all low-security applications. There are [also?] several Web sites where I pay for access, and I have the same password for all of them.

Has there been any survey of how various systems store passwords? Schneier's policy above is very similar to mine, and I was surprised recently when my Sprint password, which I thought was "secure" was plainly visible to the customer service clerk at my local Sprint store!

Specifically I do not care how my low-security passwords are stored. But for my high security passwords, I would like them all to be stored in a unix-like way, namely only cyphertext is stored and it's impossible for anyone to know what that password is. Sure they may be able to change it on my behalf, but can they tell what it is? No!

I've had this concern for quite a while now and I'm surprised that I haven't found a security certified label that addresses this concern. Sure there are other labels like http://www.truste.org/ [truste.org] or "Verisign Secured", but where's there one that tells me my user-password is stored in a "unix-like" manner?

Re:His Password Comment

[RAMMS+EIN]

I can't answer which sites will actually store your passwords and which ones will only store a one-way hash of it, but I can tell you that some customers I've developed sites for insisted that the passwords be stored in cleartext. So "many sites store your password in cleartext" is my best guess.

Also, even if the site doesn't store your password in cleartext, it will still be sent to them as cleartext. Even if it goes over SSL, the site itself will be able to decrypt it. So, one way or another, They have your password.

I would like to suggest a feature that could be added to browsers. An idea to think about; not a request for implementation just yet. But here's the idea. Let the browser perform the one-way hashing. You enter your password, the browser hashes it, and the hashed value is sent to the site. You can use a different hash for every site, and thus use the same password on your side, but send different values to different sites. That way, no site can pick up your password and use it with another site. You are still open to replay attacks on the same site if the site doesn't protect against that (e.g. by using SSL), but it's a lot better than things are now. You never send out your actual password, so nobody ever gets to know it.

Re:

[cheros]

I like that idea, and it's easy to do if the site provides the 'salt', i.e. the site sends you a string to which you ADD your password before you calculate the hash locally and return it.

That way, the hash is site specific and it wouldn't matter if you used the same password or not.

The problem is implementation. Maybe one for Firefox and Apache together?

Re:

[RAMMS+EIN]

If we're going to make modifications on both ends, we can come up with something much better than what I described. But the scheme I described is completely client-side; the server just handles it like it does any other password. Therefore, only your web browser needs to be modified, rather than every web site on the planet.

OK, so we have a plug-in..

[cheros]

Let's have a look.

From a code perspective you'd have something like

(0) init - maybe a start 'magic word' to make it individual?

(1) take website name
(2) strip "www" from it (so 'bare' use is identical)
(3) request password from user
(4) store user password for re-use (as normal if Firefox is set up that way)
(5) get hash (MD5 or better) of magic word + sitename + user provided password
(6) take first/last/middle 5..32 characters (not all sites allow more than 8 chars) - maybe derive this from web name as well so

Re:

[maxume]

It's been done:

http://www.angel.net/~nic/passwdlet.html [angel.net]
http://supergenpass.com/genpass/ [supergenpass.com]
http://supergenpass.com/ [supergenpass.com]
(there are surely others)

Not an extension, but that can be a good thing.

Superb!

[cheros]

Thanks for that, already testing it :-)

Re:

[Hoplite3]

This is an excellent idea. If the site-dependent salt you add to the password before hashing is defined in some stable way, this could allow you to have a "master password" that doesn't depend on a local encrypted password file.

I'm imagining a firefox plugin that prompts you for your password when you go to a site. You type in the master password, it gets salt from the source, hashes it, then sends the hash to the site as you "password". The best part is if you sign up for an account for site a on one ma

Re:

[DMUTPeregrine]

You want PwdHash [mozilla.org] for Firefox. It hashes your password with the site domain (though not with subdomains.) This makes phishing very, very hard.

Re:

[Nick Barnes]

One site recently included my password in a routine email to me.

Re:

[g1zmo]

I was a little surprised the first time I called Sprint's customer service, and they asked me for my password as one of their ID verification questions. The password I created for their website. Hell if I knew what it was, it's a pattern on the keyboard. The lady seemed confused that it wasn't my name or some other English word.

Writing down your password

[Beryllium Sphere(tm)]

Same point as Bruce, but put in terms of a threat analysis translated into everyday terms:
Why you should write down your password [berylliumsphere.com]

Re:

[Rick17JJ]

The article mentions the possibility of storing passwords on a USB flash drive and carring it around your neck. A Corsair Flash Padlock USB flash drive would be ideal for that purpose because it has the added security of buttons on the side like a padlock. It is works with Windows, MAC or Linux. I don't know what type of encryption it uses, but it might not matter since they would have to slowly enter the various possibilities manually. The FBI or NSA might know how to splice directly into the electroni

ehh, not a great interview

[f1055man]

He kind of annoys me by not answering any of the questions and instead links back to articles he's written before. Why bother giving an interview if you're just going to give a works cited page? I understand not wanting to repeat yourself, but when you're the Chuck Norris of infosec you have to in order to get through to the rest of us mere mortals.

Re:

[bhima]

In his defense, had he completely restated the whole of his previously published work he references his responses would be tediously long.

I saw it as more of a "here is a more in depth answer to this question, if you are interested"

Bruce insinuates: No competition with Microsoft

[MobyDisk]

Q: ...can't we design a computer that can "cold boot" nearly instantaneously?
A: This is an economics blog, so you tell me: why don't the computer companies compete on boot-speed?

I know! I know! Because there's no competition?
The desktop competitors are*: 90% Microsoft, 5% Apple, 5% other. With a distribution like that, there's hardly any real competition to cause things to improve. Even if Linux is modified to boot in 3 seconds, it won't make Microsoft change anything.

* (This is just a ball park guess to make the point, not warranting for accuracy)

Re:

[slim]

Q: ...can't we design a computer that can "cold boot" nearly instantaneously?
A: This is an economics blog, so you tell me: why don't the computer companies compete on boot-speed?

(snip)
Even if Linux is modified to boot in 3 seconds, it won't make Microsoft change anything.

I dunno. If it actually turned heads, it would. Windows 95 needed a reboot to change IP address. People would live with it -- assume that's just how computers had to be. When you showed someone (er, the right sort of someone) how you could change IP address on the fly with Linux, they'd be really impressed. I'm convinced that if Linux hadn't shown some portion of impressionable consumers that kind of thing was possible (also, stable multitasking, convenience in CLIs like tab-completion, etc.), those featur

Hey Bruce...

[Nom du Keyboard]

Q: Is there any benefit to password protecting your home Wifi network? I have IT friends that say the only real benefit is that multiple users can slow down the connection, but they state that there is no security reason. Is this correct?

A: I run an open wireless network at home. There's no password, and there's no encryption. Honestly, I think it's just polite. Why should I care if someone on the block steals wireless access from me? When my wireless router broke last month, I used a neighbor's access u

Re:Too many to answer -- I'm not impressed however

[jjohnson]

This person needs to learn more about security

You think Bruce Schneier needs to learn more about security?

Re:

[jjohnson]

No, you just bragged about your extremely clever system for memorizing passwords (that you didn't describe).

Regardless, Schneier's solution is vastly more useful in practice for, well, everyone else.

You still sound like you have no clue who this guy is.

Re:Too many to answer -- I'm not impressed however

[tm2b]

This person needs to learn more about security and a different way to go about handling their passwords.

This is much like thinking that Donald Knuth needs to learn more about algorithms.

Consider that a point is being made that you're not getting, because "this person" is not a moron, and generally talks about security as it is actually practiced instead of how it would be practiced if everybody were an expert and made good security a priority. Since people in general will not make security a priority, you have to talk about how people actually behave and how to craft security that will take actual behavior into account.

Re:Too many to answer -- I'm not impressed however

[swillden]

Based on the techniques I use I am able to remember every single password for every single site I use with 99% of them being different

And all of those passwords are:

• at least 10 characters in length;
• "random", containing no dictionary words or other predictable sequences;
• a mixture of letters (upper and lowercase), numbers and punctuation marks; and
• not related in any way that would allow an attacker who has seen several of them to derive another one.

Right?

This person needs to learn more about security and a different way to go about handling their passwords.

You do realize that this is like suggesting that the Pope learn more about Catholicism, right? Bruce Schneier started as a serious academic cryptographer and branched out into

Re:

[swillden]

And all of those passwords are:

Yeah, they are. All of them. Thanks for posting what I figured was obvious and unnecessary.

I strongly doubt it. Especially the part about not being related to one another. That's very difficult to do effectively, without using a strong one-way function.

Re:

[Jussi K. Kojootti]

You, sir, are not only anonymous but also a liar (or possibly a moron, I'm sure someone can tell you which if you post some details about your password scheme).

Re:

[ZachPruckowski]

None of which are acceptable. This person needs to learn more about security and a different way to go about handling their passwords. Based on the techniques I use I am able to remember every single password for every single site I use with 99% of them being different (I have some legacy passwords on sites that don't require security in the first place but that's because I'm lazy).

First of all, you saying "[Bruce Schneier] needs to learn more about security" is like me saying "the Pope needs to learn mor

Re:

[A nonymous Coward]

Is he twins?

Stupid mods fell for my trap!

[A nonymous Coward]

Sometimes it's fun to bait the mods. I got a dumb one this time, who decided since he didn't catch the joke, it must be off topic.

Mods forever! Dumbness rules!

WARNING: Yet Another unsafe redirect

[sethstorm]

snipped url goes to shock site.

WARNING: Unsafe Redirect.

[edgedmurasame]

Post is just using extra long URL's to obscure shock site.