@SteveBellovin, do you have any objection to me blogging on a site named rethinking-security.org? If you do object, I will find another name. And I will make it clear that I am not you, but that the name is an allusion to Thinking Security.

I want to talk about cases where conventional wisdom (in various circles) may need some rethinking.

@jpgoldberg Btw, the oldest chapter in the book, on authentication, was written precisely to debunk conventional wisdom. And then I was on sabbatical and my original plans fell through for various reasons, so I decided to write a new book.

@SteveBellovin, when I was at 1Password, I ran a “book club” for the security team using “Thinking Security”. I was able to fill in for details that were out of date.

The next year I did the same with @veorq’s “Serious Cryptography”.

(Hey, JP. It's an outstanding book, but my most serious recommendation for a 3rd edition is that you do RSA after EC and ECDH. Understanding why RSA works requires all the math of DH and more.) You can find my slides on those chapters at https://jpgoldberg.github.io/sec-training/

@SteveBellovin, I also had the pleasure of explaining many of the jokes and allusions to a younger generation.

For example, you mentioned the Bank of San Seriffe. This led not only to me explaining that the number of digits of the decimal expansion of π I know depends on the number of bugs found in TeX, but also to the dangers of using knowledge of a record locator, such as a bank account number, as an authentication proof.

@jpgoldberg Ah, the young. A few years ago, I was giving a tech history talk in my department and used the word "teletype". Most of the students had no idea what I was talking about…

@SteveBellovin, I helped my kid set up this minor prank at school

Teacher: Calculators are not allowed during this exam.

My kid: [pulls out a slide rule from backpack.] Is this allowed?

No one but the teacher got it.

This also reminds me of some of the difficulties I've had teaching some cryptography basics. I have to (re)teach logarithms instead of merely reminding people how they work. Slide rules at least remind you of the magic of turning multiplication into addition.

@SteveBellovin, I hope you directed your explanation to /dev/tty

@jpgoldberg I used that and the device names as referring back. And the next time I gave the talk, I included a picture of a teletype.