Crypto Won't Save You Either
Cryptographer Adi Shamir, the 'S' in RSA, once said that "cryptography is bypassed, not penetrated". In the light of the Snowden revelations about the NSA, various people have proposed using crypto in order to evade NSA surveillance. This talk tries to put that into perspective, looking at ten years of trying to secure things with crypto that ultimately failed, not through anyone bothering to break it but because it was much easier just to bypass it. The lesson from all of this is that you can't just throw crypto at something and assume that that will make you safe.
Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures and security usability. He helped write the popular PGP encryption package, has authored a number of papers and RFC's on security and encryption, and is the author of the open source cryptlib security toolkit and an upcoming book on security engineering. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about the lack of consideration of human factors in designing security systems.