Why "carnivore" type systems can't be (entirely) open source

Brian Gladman Brian Gladman" <brg at gladman.plus.com
Fri, 2 Feb 2001 18:55:01 -0000 

From: "Owen Lewis" <oml@eloka.demon.co.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Sunday, January 28, 2001 8:57 PM
Subject: Re: Why "carnivore" type systems can't be (entirely) open source

[snip]
> > > Since many secure algorithms do exist despite them being public
> > > knowledge, there is no substance to the argument that obscurity
> > > helps, and usually (almost always, in practice) it hinders because
> > > limited scrutiny is far more dangerous than excessive scrutiny.
> > >
> > > That, if I may say so, is more a statement of hope that a statement
> > > of fact.  Who knows? What *is* known is that no one has found a
> > > crack and published it widely.
> >
> > Interestingly enough, you appear to have demolished that part of your
> > own case which is based on GSM; all one knows about GSM is that
> > (prior to Shamir's paper) no-one had publicised a crack widely.
>
> You seem to miss the point. Without STO, the coding of A5 etc. would have
> been 'widely' known even before the system was deployed. Ergo, it is
> reasonable to assume that a crack would have been found after about as
> much time as between the publication of the actual crack from the
> knowledge of GSM cipher that was widely distributed among those
> outside govt service with an interest in crypto. The marked difference
> between the release of knowledge to crack time and the GSM development
> to 1999 can only be attributable, in the main, to the somewhat maligned
> use of STO.   My 'case' is not based on GSM. However, since Ben
> introduced GSM into the discussion, it was convenient to make an
> example with it.

The more important point here is that STO in this case was being used to
protect a deliberate 'designed in' insecurity.  It is hence a very good
example of a typical use of STO.

I don't think that anyone disputes the value of STO in hiding design
insecurity and this is precisely why it is a completely discredited approach
when the objective is the exact opposite.

Anyone who argues that security is enhanced when STO is used to protect
the 'security' available from deliberately broken cipher  algorithms is
logically
correct (in limited circumstances) but has evidently sold their soul to the
devil.

   Brian