Cryptography Quotes (mrxor.github.io)
64 points by MrXOR on April 6, 2019 | 27 comments



Nice list! One I’d add: one of my all-time favorite cryptography-related quotes is from Bruce Schneier’s Applied Cryptography, talking about key length:

> These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

Full context: https://www.schneier.com/blog/archives/2009/09/the_doghouse_...


That argument only applies to irreversible computation. The errata for Applied Cryptography corrects this:

> The section on "Thermodynamic Limitations" is not quite correct. It requires kT energy to set or clear a single bit because these are irreversible operations. However, complementing a bit is reversible and hence has no minimum required energy. It turns out that it is theoretically possible to do any computation in a reversible manner except for copying out the answer. At this theoretical level, energy requirements for exhaustive cryptanalysis are therefore linear in the key length, not exponential.


My two favorites aren't on the list, perhaps because they were never put in these exact words or they are mis-attributed:

"Cryptography is not magic pixie dust that you can sprinkle on a system to make it secure" -Bruce Schneier [? - couldn't find a good source]

"If you think cryptography will solve your problem, either you don't understand cryptography, or you don't understand your problem." -Roger Needham / Peter G. Neumann


I just dug around a bit to find the likely source of the "crypto magic pixie dust" quote, and I think it's Gary McGraw. He uses that phrase a lot, and a search of "crypto fairy dust" in Google Books brings up books by him dating as far back as 1999.


Can I add mine that still holds true in 2019:

The largest number factorized using quantum computers, if we only count algorithms that can theoretically scale into cryptographic levels, is 21.


Do you have an authoritative citation for that? For 2018 rather than 2019 would be fine. I've heard orders-of-magnitude higher claims, but haven't been able to find any report of them.


Please explain it.


Every day you hear doomsday predictions about the end of crypto as we know it because of quantum computers. The reality is that the largest integer factored using quantum computers to this day is 21. There are some larger numbers, around 100k, that have been factored, but those use algorithms that will never scale to crypto levels.


Great list -- one more:

Cryptographers love tradition. If we were to use “Andy” and “Barbara” as the principals, no one would believe anything in this chapter. -- Andrew S. Tanenbaum


Thanks,

But cryptographers only love math and “Andy” and “Barbara” are friends of "Alice" and "Bob"!

[1] https://www.schneier.com/blog/archives/2012/09/replacing_ali...

[2] http://cryptocouple.com/


My favourite quote is from cperciva:

"The purpose of cryptography is to force the US government to torture you."


It's not strictly relevant but there's a quote my dad used to like, apparently from Mark Twain, but who knows. I'm paraphrasing: "two people can keep a secret as long as one of them is dead"



"There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files."

— Bruce Schneier

I respectfully disagree... <g>

"There are three (3) kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, cryptography that will stop major governments from reading your files, and finally, the strongest cryptography -- cryptography that will stop Bruce Schneier -- from reading your files." <g>

(Bruce Schneier = Cryptography's Chuck Norris...<g>)

((And the third such cryptography, if it exists... will be found to have been created by -- you guessed it -- Bruce Schneier! <g>))


Yeah, A Bruce Schneier Fact.

[1] https://www.schneierfacts.com


Was surprised not to find "people are a poor source of entropy," on the list. I'm quite sure I didn't coin that, and it's practically an amendment to the Kerckhoffs principles, just don't know who said it.



Thanks,

I will add this comic strip.


Excellent list - I immediately ctrl+f'd for Schneier's law as it's my favorite crypto axiom.

My only suggestion would be adding: "Crypto is like catnip for programmers."[1]

[1] https://blog.pinboard.in/2013/04/the_matasano_crypto_challen...


Something about the effectiveness of rubber-hose cryptanalysis[1] would also be a good fit for this list.

[1]: https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis


Thanks,

I add XKCD Comic about rubber-hose and Black-bag cryptanalysis[1].

[1] https://xkcd.com/538/


> Security wins many battles but loses the security war. We are definitely going backwards in computer security.

> — Adi Shamir

Source/context for this quote? I do find myself agreeing, but as this seems a somewhat more atypical view I'd love to read more about it. The best source I found was this short article about the RSA 2007 conference, but I couldn't find the referenced panel discussion recorded or transcribed anywhere.

https://www.zdnet.com/article/rsa-2007-keynotes-notable-quot...

Overall I think these sorts of quote collections would be massively more useful if they'd contain verifiable sources.


The video of RSA's cryptographers' panel 2007 is unavailable. This quote was named "Shamir's Law": Every 18 months security gets half as good. Adi's quote (and fear) is about APT[1] and mass surveillance[2].

[1] https://en.wikipedia.org/wiki/Advanced_persistent_threat

[2] https://en.wikipedia.org/wiki/Mass_surveillance


I think this should take the cake: "We kill people based on metadata." -- Gen. Michael Hayden (Frmr NSA Director).


There are some really good ones I haven't heard before:

>> Your voice is always heard - NSA.

That made me chuckle.


Your comment has been read. - NSA and other big brothers :-)


I believe I said the first quote many times during my college years.



