LWN: Secrets & Lies [Book Review]

Nov 16, 2000, 22:12

"Bruce Schneier has long been known as the author of Applied Cryptography, the definitive nuts-and-bolts guide to how cryptographic algorithms work and their implementation. That book became a bible for aspiring cypherpunks everywhere, both for its technical information and for its enthusiasm for what cryptography can do. Cryptography was the answer to many of the world's problems."

"Mr. Schneier has changed his perspective somewhat in the years since Applied Cryptography came out, which is why Secrets & Lies begins with: "I have written this book partly to correct a mistake.... It's just not true. Cryptography can't do any of that." Has he lost his belief in cryptography?"

"A number of people have described Secrets & Lies as a dark book. Certainly much of it comes off that way. It describes numerous cryptographic and security techniques, and how vulnerable they all are. Cryptography may seem unbreakable mathematically, but that doesn't help much. The implementation of a cryptographic algorithm is certainly buggy, the computer the code runs on may be compromised, the keyboard could be bugged, and the user will probably simply tell you his or her key if you call up and pretend to be somebody with a right to know."

"What this book tells us is that we've been trying to fix the wrong threats. Cryptography is great, firewalls are great, and so on, but the bad guys will probably just find a way to go around it all."

