Bruce Schneier

Q: What Schools Are Affiliated With Bruce Schneier

Bruce Schneier is affiliated with the following schools: University of Rochester, Harvard University, American University

Why Is Bruce Schneier Influential?

(Suggest an Edit or Addition)

By Erik J. Larson, PhD

Areas of Specialization: Computer Security
Schneier’s name is synonymous with computer security. He is also respected as a cryptographer, and writes on issues of personal privacy arising from society’s ever changing relationship with new technology. In 1984, Schneier earned his bachelor’s degree in physics from the University of Rochester in New York. He received a master’s degree in computer science from American University in Washington, D.C. in 1988 and an honorary Ph.D. from the University of Westminster, London in 2011.

Over the years, Schneier has written extensively on core issues and problems with computer security, both for private individuals and for company and government security. Importantly, he has been an outspoken critic—or at the very least, he has sounded caution—of blockchain technology, arguing that it can create more problems than it solves. Central to much of Schneier’s thinking about computer security, he points out that supposedly “bullet proof” technology solutions for establishing security and trust tend to have weak points at the “ends” where humans add and receive data. The human components to end-to-end security is a key theme in his ideas. “Schneier’s Law” was coined by Internet theorist Cory Doctorow in a 2004 speech, capturing this theme: “Any person can invent a security system so clever that he or she can’t imagine a way of breaking it.”

Schneier’s books on computer security issues are written for general audiences, and have been widely read. Notable titles include: Secrets and Lies: Digital Security in a Networked World in 2000; Beyond Fear: Thinking Sensibly About Security in an Uncertain World in 2003; Liars and Outliers: Enabling the Trust that Society Needs to Thrive in 2012, and most recently Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World in 2015.

Academic Website

Professional Website

Featured in Top Influential Computer Scientists Today

According to Wikipedia, Bruce Schneier is an American cryptographer, computer security professional, privacy specialist, and writer. Schneier is a Lecturer in Public Policy at the Harvard Kennedy School and a Fellow at the Berkman Klein Center for Internet & Society as of November, 2013. He is a board member of the Electronic Frontier Foundation, Access Now, and The Tor Project; and an advisory board member of Electronic Privacy Information Center and VerifiedVoting.org. He is the author of several books on general security topics, computer security and cryptography and is a squid enthusiast.

(See a Problem?)

Bruce Schneier's Published Works

Number of citations in a given year to any of this author's works

Total number of citations to an author for the works they published in a given year. This highlights publication of the most important work(s) by the author

Published Papers

Applied cryptography - protocols, algorithms, and source code in C, 2nd Edition (1993) (1908)
Fast Software Encryption (2001) (1389)
Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) (1993) (953)
Applied cryptography (2nd ed.): protocols, algorithms, and source code in C (1995) (893)
Secrets and Lies: Digital Security in a Networked World (2000) (681)
Practical cryptography (2003) (613)
Analysis of the SSL 3.0 protocol (1996) (492)
Improved Cryptanalysis of Rijndael (2000) (458)
Beyond fear - thinking sensibly about security in an uncertain world (2003) (441)
Secure audit logs to support computer forensics (1999) (434)
Twofish : A 128-bit block cipher (1998) (433)
Second Preimages on n-bit Hash Functions for Much Less than 2n Work (2005) (351)
Cryptography Engineering - Design Principles and Practical Applications (2010) (348)
Side Channel Cryptanalysis of Product Ciphers (1998) (336)
The psychology of security (2007) (296)
Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES (1996) (279)
Ten Risks of PKI (2004) (277)
Cryptographic Support for Secure Logs on Untrusted Machines (1998) (276)
Inside risks: the uses and abuses of biometrics (1999) (264)
Cryptanalytic Attacks on Pseudorandom Number Generators (1998) (261)
Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA (1997) (254)
Two-factor authentication: too little, too late (2005) (236)
One-way hash functions (1991) (231)
The Twofish encryption algorithm: a 128-bit block cipher (1999) (223)
Unbalanced Feistel Networks and Block Cipher Design (1996) (214)
Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent (2000) (212)
Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security. A Report by an Ad Hoc Group of Cryptographers and Computer Scientists (1996) (205)
Environmental Key Generation Towards Clueless Agents (1998) (203)
Helix: Fast Encryption and Authentication in a Single Cryptographic Primitive (2003) (189)
A Cryptographic Evaluation of IPsec (1999) (187)
The risks of key recovery, key escrow, and trusted third-party encryption (1997) (177)
Applied cryptography, second edition : protocols, algorithms,and source code in C (2015) (173)
Toward a secure system engineering methodolgy (1998) (165)
Protocol Interactions and the Chosen Protocol Attack (1997) (162)
Cryptographic Design Vulnerabilities (1998) (146)
Secrets and Lies (2004) (141)
Yarrow-160: Notes on the Design and Analysis of the Yarrow Cryptographic Pseudorandom Number Generator (1999) (127)
Protecting secret keys with personal entropy (2000) (121)
Secure Applications of Low-Entropy Keys (1997) (120)
Performance Comparison of the AES Submissions (1999) (116)
MODELING SECURITY THREATS (1999) (106)
Liars and Outliers: Enabling the Trust that Society Needs to Thrive (2012) (99)
A Taxonomy of Social Networking Data (2010) (98)
Related-Key Cryptanalysis of 3-WAY (1997) (96)
Reaction Attacks against several Public-Key Cryptosystems (1999) (94)
Building PRFs from PRPs (1998) (87)
Mod n Cryptanalysis, with Applications Against RC5P and M6 (1999) (86)
Key-Schedule Cryptanalysis of DEAL (1999) (79)
Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications (2008) (79)
Schneier on security (2008) (74)
Data Encryption Standard (DES) (2015) (70)
Cryptanalysis of Microsoft's point-to-point tunneling protocol (PPTP) (1998) (70)
The Twofish Encryption Algorithm (1999) (70)
Attacks on Cryptographic Hashes in Internet Protocols (2005) (66)
Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2) (1999) (66)
A Performance Comparison of the Five AES Finalists (2000) (64)
Fast Software Encryption: Designing Encryption Algorithms for Optimal Software Speed on the Intel Pentium Processor (1997) (63)
Voting and technology: who gets to count your vote? (2003) (55)
A certified e-mail protocol (1998) (55)
A SELF-STUDY COURSE IN BLOCK-CIPHER CRYPTANALYSIS (2000) (54)
Architecture of Privacy (2009) (53)
The Electronic Privacy Papers: Documents on the Battle for Privacy in the Age of Surveillance (1997) (44)
Cryptanalysis of ORYX (1998) (42)
Insurance and the computer industry (2001) (41)
Second Primages on n-bit Hash Functions for Much Less than 2n Work | NIST (2005) (39)
Cryptanalysis of the Cellular Encryption Algorithm (1997) (38)
Minimizing Bandwidth for Remote Access to Cryptographically Protected Audit Logs (1999) (38)
Cryptanalysis of the cellular message encryption algorithm (1997) (38)
Surreptitiously Weakening Cryptographic Systems (2015) (37)
Detecting Cheaters (2011) (36)
SECURITY PITFALLS IN CRYPTOGRAPHY (1998) (36)
Common-Knowledge Attacks on Democracy (2018) (34)
Data and Goliath (2015) (34)
Managed Security Monitoring: Network Security for the 21st Centur (2001) (33)
DIGITAL SECURITY IN A NETWORKED WORLD (2013) (32)
Inside risks: semantic network attacks (2000) (31)
Remote electronic gambling (1997) (29)
Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement (2015) (29)
Preliminary Cryptanalysis of Reduced-Round Serpent (2000) (29)
Privacy threats in intimate relationships (2020) (29)
Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG (2002) (29)
Guilty until proven innocent? (2003) (28)
Attack Trends: 2004 and 2005 (2005) (27)
A Chosen Ciphertext Attack Against Several E-Mail Encryption Protocols (2000) (26)
Guest Editors' Introduction: Economics of Information Security (2005) (26)
The MacGuffin Block Cipher Algorithm (1994) (25)
An improved e-mail security protocol (1997) (25)
AES Key Agility Issues in High-Speed IPsec Implementations (2000) (25)
The Street Performer Protocol and Digital Copyrights (1999) (24)
Automatic Event-Stream Notarization Using Digital Signatures (1996) (24)
On the Twofish Key Schedule (1998) (23)
Risks of third-party data (2005) (23)
Cryptography: The Importance of Not Being Different (1999) (23)
Stop Trying to Fix the User (2016) (22)
Economics of Information Security and Privacy III (2013) (22)
An authenticated camera (1996) (22)
Reaction Attacks Against Several Public-Key Cryptosystem (1997) (21)
The Future of Incident Response (2014) (21)
Hacking the business climate for network security (2004) (21)
Sensible Authentication (2004) (21)
"E-mail Security - How to keep your Electronic Messages Private": E-mail security by Bruce Schneier 1995 (John Wiley & Sons 365 pp.) isbn 0-471-05318-X (1995) (20)
The case for outsourcing security (2002) (20)
Red-black trees (1992) (19)
The nonsecurity of secrecy (2004) (19)
Remote auditing of software outputs using a trusted coprocessor (1997) (18)
Cryptography, security, and the future (1999) (17)
IoT Security: What's Plan B? (2017) (17)
Cryptography Is Harder than It Looks (2016) (16)
Here Comes Here Comes Everybody (review of Here Comes Everybody: The Power of Organizing Without Organizations by C. Shirky) [Books] (2008) (16)
A Worldwide Survey of Encryption Products (2016) (16)
Secrets and lies - digital security in a networked world: with new information about post-9/11 security (2004) (16)
E-mail security (1995) (16)
Semantic network attacks. (2000) (16)
Inside risks (1997) (16)
Customers, Passwords, and Web Sites (2004) (15)
Schneier's Cryptography Classics Library: Applied Cryptography, Secrets and Lies, and Practical Cryptography (2007) (15)
Carry On: Sound Advice from Schneier on Security (2013) (15)
Insider risks in elections (2004) (14)
Smart Card Research and Applications (1998) (14)
Securing Medical Research: A Cybersecurity Point of View (2012) (14)
Artificial Intelligence and the Attack/Defense Balance (2018) (14)
Information Security and Externalities (2007) (13)
The trojan horse race (1999) (13)
Risks of Relying on Cryptography. (1999) (12)
Security and Compliance (2004) (12)
Metadata = Surveillance (2014) (11)
Locks and full disclosure (2003) (11)
MARS Attacks! Preliminary Cryptanalysis of Reduced-Round MARS Variants (2000) (11)
Authenticating Secure Tokens Using Slow Memory Access (1999) (11)
Block Cipher Modes (2015) (10)
Comments on Twofish as an AES Candidate (2000) (10)
Security pitfalls in cryptographic design (1998) (10)
Electronic commerce and the street performer protocol (1998) (10)
Schneier on Security: Privacy and Control (2010) (10)
Inside risks: risks of PKI (2000) (10)
Cryptanalysis of FROG (1998) (10)
Perspectives on the SolarWinds Incident (2021) (10)
Key Length (2004) (9)
Making Democracy Harder to Hack (2017) (9)
A Peer-to-Peer Software Metering System (1999) (9)
Politics of Adversarial Machine Learning (2020) (9)
Inside risks: the Trojan horse race (1999) (8)
Protecting privacy and liberty (2001) (8)
Risks of PKI: E-Commerce. (2000) (8)
Taking Stock: Estimating Vulnerability Rediscovery (2017) (8)
Raising Goats For Dummies (2010) (8)
Threat Modeling and Risk Assessment (2000) (8)
Securing the World Wide Web: Smart Tokens and Their Implementation (1996) (8)
Security and Function Creep (2010) (7)
Cryptanalysis of TWOPRIME (1998) (7)
The Electronic Privacy Papers (2007) (7)
The Importance of Security Engineering (2012) (7)
The speed of security (2003) (6)
The Zotob Storm (2005) (6)
Inside risks: risks of relying on cryptography (1999) (6)
The Death of the Security Industry (2007) (6)
We are all security consumers (2003) (6)
Authenticating Outputs of Computer Software Using a Cryptographic Coprocessor (1996) (6)
The Internet of Things Will Upend Our Industry (2017) (6)
Cryptanalysis of Akelarre (1997) (6)
Designing Encryption Algorithms for Real People (1994) (6)
Voting security and technology (2004) (6)
Proceedings of the 7th International Workshop on Fast Software Encryption (2000) (5)
Bugs in our Pockets: The Risks of Client-Side Scanning (2021) (5)
IT for Oppression (2013) (5)
Inside risks: risks of PKI: e-commerce (2000) (5)
Making Democracy Harder to Hack: Should Elections Be Classified as ‘Critical Infrastructure?’ (2016) (5)
Conditional purchase orders (1997) (5)
SIMS: Solution, or Part of the Problem? (2004) (5)
Cryptanalysis of SPEED (1998) (5)
Attacking Machine Learning Systems (2020) (5)
Twofish on Smart Cards (1998) (4)
A Twofish Retreat : Related-Key Attacks Against Reduced-Round Twofish (2000) (4)
Protocol Building Blocks (2015) (4)
Legal Risks of Adversarial Machine Learning Research (2020) (4)
Other Stream Ciphers and Real Random‐Sequence Generators (2015) (4)
Trust in Man/Machine Security Systems (2013) (4)
We Have Root (2019) (4)
Nonsecurity Considerations in Security Decisions (2007) (3)
Why the NSA Makes Us More Vulnerable to Cyberattacks (2017) (3)
Census of cyberspace censoring (2008) (3)
Key‐Exchange Algorithms (2015) (3)
Proceedings of the The International Conference on Smart Card Research and Applications (1998) (3)
Cyberconflicts and national security (2013) (3)
Security Weaknesses in a Randomized Stream Cipher (2000) (3)
Cybersecurity for the Public Interest (2019) (3)
Fast Software Encryption: 7th International Workshop, FSE 2000, New York, NY, USA, April 10-12, 2000. Proceedings (2001) (3)
Security, Group Size, and the Human Brain (2009) (3)
How Changing Technology Affects Security (2012) (3)
Further Observations on the Key Schedule of Twosh (1999) (3)
Inside Risks: The perils of port 80 (2001) (2)
University Networks and Data Security (2006) (2)
Cryptography in Context (2015) (2)
Authentication and Expiration (2005) (2)
Algorithm Types and Modes (2015) (2)
Cryptanalytic Progress: Lessons for AES (2000) (2)
Cryptography after the Aliens Land (2018) (2)
Public‐Key Algorithms (2015) (2)
DeadDrop/StrongBox security assessment (2013) (2)
Digital signatures (1993) (2)
Twosh on Smart Cards (2000) (2)
Technologists vs. Policy Makers (2020) (2)
How the Human Brain Buys Security (2008) (2)
Distributed Proctoring (1996) (2)
The Global Public Key Infrastructure : Terms and Concepts (1998) (2)
Networked‐Computer Security (2015) (2)
Cyberwar: Myth or Reality? (2010) (2)
Public‐Key Digital Signature Algorithms (2015) (2)
Evaluating Security Systems: A Five-Step Process (2004) (2)
Invited Talk: The Coming AI Hackers (2021) (1)
Robot Hacking Games (2022) (1)
Special Algorithms for Protocols (2015) (1)
Standards and Patents (2015) (1)
Empathy and Security (2011) (1)
Usability and Psychology 2.1 Introduction (2008) (1)
Secure Authentication with Multiple Parallel Keys (1998) (1)
The internet: Anonymous forever (2010) (1)
Airplane hackers (2003) (1)
Introduction to Cryptography (2015) (1)
Roadblocks on the information superhighway (1997) (1)
Pervasive Attack: A Threat Model and Problem Statement (2014) (1)
Ubiquitous Surveillance and Security [Keynote] (2015) (1)
Untangling public-key cryptography (1992) (1)
New Results on the Two sh Encryption Algorithm (1999) (1)
Software-Based Attestation (2011) (1)
Introduction to Cryptographic Protocols (2015) (1)
Message Authentication Codes (2015) (1)
Secrets and lies - IT-Sicherheit in einer vernetzten Welt (2004) (1)
Description of the Blowfish Cipher (1999) (0)
Smart Card. Research and Applications: Third International Conference, CARDIS'98 Louvain-la-Neuve, Belgium, September 14-16, 1998 Proceedings (2000) (0)
The field of battle: an overview (1997) (0)
Superheroes on screen: real life lessons for security debates (2020) (0)
Poor Decisions About Security (2013) (0)
The Context of Cryptography (2015) (0)
Vulnerabilities and the Vulnerability Landscape (2015) (0)
Billing and collection system for 900-numbers and procedures for on-line computer services (1996) (0)
The Committee on Homeland Security (2003) (0)
The Future of Products (2015) (0)
Subgroup Cryptosystems (2011) (0)
Still Other Block Ciphers (2015) (0)
Electronic Commerce and the Street Performer (1998) (0)
Security Policies and Countermeasures (2015) (0)
THIRD ADVANCED ENCRYPTION STANDARD CANDIDATE (2001) (0)
The perils of port 80. (2001) (0)
High-tech cheats in a world of trust (2012) (0)
Method and apparatus for secure time stamps of documents (1997) (0)
E-mail security: maintaining privacy in a world of public data transfer (1997) (0)
Security Weaknesses in Maurer-Like Randomized Stream Ciphers (2000) (0)
Afterword by Matt Blaze (2015) (0)
Surveillance, the {NSA}, and Everything (2013) (0)
E-mail security : how to keep your messages private (1995) (0)
How to save the net (2014) (0)
The Secure Channel (2015) (0)
Pseudo‐Random‐Sequence Generators and Stream Ciphers (2015) (0)
Early skirmishes (1997) (0)
Inside risks: cyber underwriters lab (2001) (0)
A Report by an Ad Hoc Group of Cryptographers and Computer Scientists & Trusted Third Party Encryption (1998) (0)
Certificates and Credentials (2015) (0)
Introduction to Security and Applied Cryptography (2006) (0)
Reviews (2007) (0)
Special issue on security and trust management for dynamic coalitions (2010) (0)
Hacking the Tax Code (2020) (0)
Unnoticed Consent [Last Word] (2018) (0)
Number 25 (2019) (0)
The Dream of PKI (2015) (0)
Cyber underwriters lab. (2001) (0)
The crypto bomb is ticking (1998) (0)
Resources on Existential Risk General Blockinscholarly Blockindiscussion Blockinof Blockinexistential Blockinrisk (0)
An Alternate Key Scheduling Algorithm for Blowfish and its Performance Analysis (2019) (0)
The Human Factor (2015) (0)
Electronic speech—for domestic use only (1997) (0)
Speaker Biometrics (2009) (0)
Product Testing and Verification (2015) (0)
Implementation Issues (I) (2015) (0)
Lottery system with off-line remote computers (1996) (0)
What Will It Take? (2021) (0)
Security Savvy: A Visual Guide (2005) (0)
4 Our Solution : The Street Performer Protocol 4 . 1 (1998) (0)
The Security Value of Muddling Through (2015) (0)
On the Two sh Key Schedule (1998) (0)
Implementation Issues (II) (2015) (0)
The Real World (2015) (0)
Machine Learning Featurizations for AI Hacking of Political Systems (2021) (0)
Coalition Letter to President Obama Urging Support for Encryption (2015) (0)
Other Block Ciphers (2015) (0)
Copy protection for portable music play equipment (2000) (0)
CC3: An Identity Attested Linux Security Supervisor Architecture (2015) (0)
Speaker Identification and Verification (SIV) (2011) (0)
Combining Block Ciphers (2015) (0)
Identification and Authentication (2015) (0)
Coalition Petition to the U.S. Department of Education to Amend 34 CFR Part 99 to Establish a Data Security Rule (2016) (0)

This paper list is powered by the following services:

Other Resources About Bruce Schneier

What Schools Are Affiliated With Bruce Schneier?

Bruce Schneier is affiliated with the following schools:

What Are Bruce Schneier's Academic Contributions?

Bruce Schneier is most known for their academic work in the field of computer science. They are also known for their academic work in the fields of physics, mathematics, and literature.

Bruce Schneier has made the following academic contributions: