Why "carnivore" type systems can't be (entirely) open source
David Parkinson
dparkins at alien.bt.co.uk
Mon, 05 Feb 2001 15:58:29 +0000
At 03:02 PM 05-02-01 +0000, Brian Gladman wrote:
>From: "David Hansen" <davidh@spidacom.co.uk>
>To: <ukcrypto@chiark.greenend.org.uk>
>Sent: Monday, February 05, 2001 9:05 AM
>Subject: Re: Why "carnivore" type systems can't be (entirely) open source
>
> > On 3 Feb 01, at 23:49, Brian Gladman wrote:
> >
> > > And dishonest men sell broken ones with known weaknesses that are
> > > hidden by STO.
> >
> > A perfect description of Lotus Notes, as was it the Swedish
> > government found out.
>
>Thank you, David, for reminding us of that example. And this of course is
>just one that slipped out into the open.
There was no obscurity here - the Swedish Government just didn't read
the data sheets properly. The "feature" was publicised under the
description "differential workfactor cryptography" and was never hidden.
A quick search with Google gives me:
http://www.attrition.org/~wrlwnd/crypto/nsa/lotus.notes.nsa.backdoor.txt
in which we find a copy of a Keynote speech given at the opening of the
RSA Data Security Conference '96 (Jan. 17, 1996). In this we find:
"...This is just such a compromise. Lotus Notes Release 4, which is
now shipping, utilizes a new method of security that we're referring
to as "Differential Workfactor Cryptography." It is a conceptually
simple solution that addresses two problems at the same time...."
The Swedish Government apparently woke up in November 1997 - nearly
two years later!
David