On Shifting “Windows” and “Security” from Less Antonymous to More Synonymous
(Page 2)
A similar situation applies here. Upon reading Bruce Schneier's blog, I saw the title, “Microsoft's BitLocker.” I thought to myself, “This is either worthy enough to garner itself an honorable mention, or ridiculously bad enough to deserve being called out.” From left to right, my eyes received the text with anticipation for the latter, but, surprisingly – the final verdict was positive. One particular sentence stood out. This could have been because it was partitioned into its own paragraph, despite being a single sentence, or perhaps it was the confident tone of the sentence. And I quote, “There aren't any back doors for the police, though.” This statement packs a lot of punch.
I was curious as to where this confidence was coming from, so I followed the link. From Bruce's blog, my 6MB DSL connection promptly took me to the blog of Microsoft's System Integrity Team. I was impressed with the author's almost-martyr-like denunciation of the speculative-at-best rumors. He was straightforward in stating that back doors were unacceptable and he'd have no part in a project that supported them; it wasn't until I saw the author's name, however, that it all made sense. Oh, right – the name. “Niels Ferguson,” it was signed. Not only did it explain Bruce's confidence-emitting statement, but it sent a little of that confidence my way, as well. This relates to the film credit analogy. By the way, you might know Bruce and Niels as the co-authors of Practical Cryptography, a seminal book about applying good cryptography, simplistically, correctly, and securely, and the co-designers of the block cipher, Twofish, a 128-bit Feistel network, that earned its cryptanalytical bones by surviving as a finalist in the AES selection process.
Again, just because there's a seasoned cryptographer attached to a project, this is no guarantee that the final product will be secure. It is no secret that even the Michelangelos and Rembrandts of this art miss a few strokes here and there, and have their schools of design dismissed and broken. It's part of the artistic science (or scientific art, depending on your perspective) – a fixture of expectation, if you will. So, regardless of how BitLocker really turns out, we, at least, have a signal of hope that sound design strategies played some part in its evolution. A big, sarcastic “way-to-go” goes out to the Jerry-built cryptography that has unfortunately succeeded in its sometimes advertent, but sometimes inadvertent, bourgeoisification campaign in the software and hardware market that it has filled with more holes than Swiss cheese at an acupuncture appointment.
