GUIs: Control, Conveyance, Continuity, and Context

I'm a sucker for basic principles distilled into pithy prescriptions. A freelance writer, Brian Boyko, has distilled the basic features of graphical user interfaces (GUIs) into four principles: Control, Conveyance, Continuity, and Context. He uses them to structure a well-reasoned though shrill critique of Windows 8. I've just checked a few of my favorite usability...

Pragmatic Security: the history of the Visa card

I've been looking at the evolution of electronic funds transfer (EFT) and payment systems recently. My research uncovered a gem: about two years ago, David Stearns completed a dissertation that looks at the early evolution of the Visa card (originally "Bank Americard") in the context of other evolving electronic payment systems. Stearns' work is both...

Boak’s Puzzle: Disposing of Classified Trash

Recently I was skimming through the NSA's "classified history of COMSEC" (Volume 1 and Volume 2). This "history" is a transcription of lectures by David G. Boak, who liked to explain NSA-related topics from a historical perspective. He clearly inspired a generation of NSA's employees. The last "real" page of the document contains a humorous story...

Real-world document encryption

I've been reviewing histories of cryptography recently and here's an interesting thing about pre-computer encryption: it's almost entirely used for communications security. People encrypted messages, but they rarely encrypted documents. I've finally found a few real-world cases: encrypted diaries. BBC did a short segment on them last summer. But I'm still looking - there must be...

Design Patterns for Identity Systems

These are design patterns in the Christopher Alexander sense rather than the object oriented design sense: they address the physical and network environment rather than focusing on software abstractions. The patterns were introduced in my book Authentication. There are four patterns: local, direct, indirect, and off-line. Here is a brief description of each authentication pattern:...

Stream Cipher Reuse: A Graphic Example

Take a look at the following image. You should see two different 'messages' here. This particular mish-mash of messages reflects the failure of otherwise strong cryptography: the improper implementation of a one-time pad or a stream cipher. This same mistake let American cryptanalysts decode thousands of Soviet spy messages in the 1940s and -50s. The...

One-Time Pads

The one-time pad is the only encryption technique that has been mathematically proven to be uncrackable. While hard to use, it has often been the choice for highly sensitive traffic. Soviet spies used one-time pads in the 1940s and -50s. The Washington-Moscow "hot line" also uses one-time pads. However, the technique is hard to use...