If someone in the community of professional cryptographers and crypto-based security is reading this, what is his position in that community? Is he as prominent? A leader? A leading engineer?
"Schneier's career has an interesting arc that is not too dissimilar from that of Eric Raymond, involving early modest-but-significant contributions to the field (cryptologic literature for Schneier, open source software for Raymond), then a marked phase of popularization and evangelism, followed by a full-throttle transition into punditry."
https://news.ycombinator.com/item?id=5474372
I'm not from the crypto community, but putting Skein into FreeBSD seems a very strange choice, especially because it looks to be motivated by the "Schneier" brand. Apart from SHA-3 (which is already there), BLAKE2 would have been a better alternative.
This does reek a bit of the "Schneier Brand", but for what it's worth, Bruce hasn't developed horrible cryptographic primitives:
Block ciphers: Blowfish (bcrypt is based on the expensive Blowfish key schedule), Twofish (an AES finalist), Threefish (based on Skein).
Stream ciphers: Solitaire (a classical algorithm with playing cards), Helix (authenticated stream cipher), Phelix (authenticated stream cipher submitted to ECRYPT)
Random number generators: Yarrow (initial CSPRNG), Fortuna (CSPRNG replacing Yarrow - FreeBSD and OS X/iOS /dev/random)
Generic hashing algorithms: Skein (a SHA-3 finalist)
What I find interesting is the monocultures created in cryptography. You have the NSA/NIST monoculture (3DES, AES, SHA-1, SHA-2, SHA-3), the Schneier monoculture (Blowfish/bcrypt, Fortuna, Skein) and the Bernstein monoculture (Poly1305, Curve25519, ChaCha20). It seems to me that if you're against the NIST standards and NSA designs, then you're likely in the Schneier or Bernstein monocultures, with possibly some overlap.
What bothers me about being anti-NIST or anti-NSA is forgetting that we have some great algorithms that already exist, such as AES and SHA-2, that are well-studied, well-implemented, and near ubiquitous. I'm not saying we should just stick with those primitives, and I'm glad cryptographers are thinking of more, such as BLAKE2 and Argon2.
So, I guess this whole discussion boils down to "why?". Why is Skein being added to FreeBSD? What is the need? Is the package manager moving to file integrity with Skein? Is ZFS? Some other need? Or is this getting added because of the Schneier monoculture, and the need to be "anti-NIST/NSA"? I tend to believe it's the latter.
I agree, but it wasn't chosen arbitrarily. It's only for use by existing ZFS code in a mode already supported in other OpenZFS trees.
https://news.ycombinator.com/item?id=5472468
As most of you know, this guy's career is very interesting. Every few years he's stepped up to another level of thinking, a higher, more abstract viewpoint of the world. It's natural for people to learn and abstract, but he does so much of it.
Note: It's not necessarily a bad thing. We need more people to get info to laypeople, business execs, and policymakers in a way they can understand. Just shifts what you can expect from the person in terms of technical stuff.
So why create an account to say that? Why do you feel so strongly about Schneier?