- Robert Morris (cryptographer)
Robert "Bob" H. Morris is an American
cryptographer. He received a bachelor's degreein mathematicsfrom Harvard Universityin 1957 and a master's degreein mathematicsfrom Harvard in 1958. He was a researcher at Bell Labsfrom 1960 until 1986, when he began work at the National Security Agency(NSA). He served as chief scientist of the NSA's National Computer Security Center, where he was involved in the production of the Rainbow Seriesof computer security standards, and retired from the NSA in 1994. [ [http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1089783 The data encryption standard—Retrospective and prospects] , R. Morris, "IEEE Communications" 16, #6 (November 1978), pp. 11–14.] [ [http://www.ieee-security.org/Cipher/PastIssues/1995/issue9509/issue9509.txt IEEE "Electronic CIPHER" 9 (1995-09-18)] ] [ [http://www.auug.org.au/events/1998/auug98/ AUUG 98 Conference Information and Registration Form] , accessed on line November 29, 2007.] He is the father of Robert Tappan Morris, who wrote the (in)famous 1988 Morris Worm.
Morris contributed to early versions of
UNIX. He wrote the math library, the program
crypt, and the password encryption scheme used for user authentication. [ [http://cm.bell-labs.com/cm/cs/who/dmr/crypt.html Dabbling in the Cryptographic World--A Story] ,
Dennis Ritchie, May 5, 2000, Bell Labs. Accessed on line November 29, 2007.] The encryption scheme was based on using a trapdoor function(now called a key derivation function) to compute hashes of user passwords which were stored in the file
/etc/passwd; analogous techniques, relying on different functions, are still in use today. [ [http://cm.bell-labs.com/cm/cs/who/dmr/passwd.ps "Password Security: A Case History" by Robert Morris and Ken Thompson (1978)] ]
There is a description of Morris in
Clifford Stoll's book "The Cuckoo's Egg".Many readers of Stoll's book remember Morris for giving Stoll a challenging mathematical puzzle(originally due to John H. Conway) in the course of their discussions on computer security: "What is the next number in the sequence 1 11 21 1211 111221?" (known as the look-and-say sequence). Stoll chose not to include the answer to this puzzle in "The Cuckoo's Egg", to the frustration of many readers. [ [http://www.ocf.berkeley.edu/~stoll/number_sequence.html FAQ about Morris Number Sequence ] ]
* Never underestimate the attention, risk, money and time that an opponent will put into reading traffic.
* Rule 1 of cryptanalysis: check for
plaintext. [ [http://www.ieee-security.org/Cipher/ConfReports/conf-rep-Crypto95.html "Notes on Crypto '95 invited talks by R. Morris and A. Shamir" by Jim Gillogly and Paul Syverson] ]
* The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it. [p. 1, "Inside Java 2 Platform Security: Architecture, API Design, and Implementation", Li Gong, Gary Ellison, and Mary Dageforde, Boston: Addison-Wesley, 2003, 2nd ed., ISBN 0201787911.]
* (with Fred T. Grampp) UNIX Operating System Security, "AT&T Bell Laboratories Technical Journal", 63, part 2, #8 (October 1984), pp. 1649–1672.
Dennis Ritchie's "Dabbling in the Cryptographic World" tells the story of cryptographic research he performed with Morris, and why that research was never published.
Wikimedia Foundation. 2010.