I ordered (and expensed) a very large book entitled "Security Engineering" last week. Bruce Schneier strongly endorses it, and its table of contents looked promising, so I convinced my employer to buy it for me.
It came yesterday. It's huge. It's a little over 1000 pages (and not all filler, like some overly-large technical books, though the bibliography runs for around 100 pages), which isn't unreasonable, but it's like three inches thick. The paper must be fairly thick.
Anyway. It seems like a well-written book with a very solid, methodical approach to a very complex topic. I can't really say more at this point, as I'm on page 17 (though the front matter runs for 40 pages).
Chapter 2, "Usability and Psychology," begins with a quote:
Humans are incapable of securely storing high-quality cryptographic keys, and they have unacceptable speed and accuracy when performing cryptographic operations. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.) - Kaufman, Perlman, and Speciner
I love that quote. I'm considering printing it out and posting it in the UI design team's area of the building.
Thoughts and observations from a wine-loving software engineer living in Oregon.