Why "carnivore" type systems can't be (entirely) open source
Brian Gladman <brg at gladman.plus.com>
Fri, 2 Feb 2001 12:43:04 -0000
From: "Owen Lewis" <oml@eloka.demon.co.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Sunday, January 28, 2001 8:57 PM
Subject: Re: Why "carnivore" type systems can't be (entirely) open source
> ----- Original Message -----
> From: "Tom Thomson" <tthomson@linkguard.com>
> To: <ukcrypto@chiark.greenend.org.uk>
> Sent: 01 February 2001 19:47
> Subject: RE: Why "carnivore" type systems can't be (entirely) open source
>
>
> > > > Relying on lack of knowledge of your algorithms when you are placing
> > > > those algorithms in the hands of your adversary is bound to lead to
> > > > tears, as the lack of knowledge is strictly a temporary thing.
> > >
> > > Done reasonably well it buys time (see GSM). The core issue is the
> > > probability of whether, in the implementation one has in mind, it gains
> > > sufficient time to serve one's purpose. See argument re. GSM and also
> > > (later) re. software offered on the open market.
> > >
> > > > Since many secure algorithms do exist despite them being public knowledge,
> > > > there is no substance to the argument that obscurity helps, and usually
> > > > (almost always, in practice) it hinders because limited scrutiny is far
> > > > more dangerous than excessive scrutiny.
> > >
> > > That, if I may say so, is more a statement of hope than a
> > > statement of fact.
> > > Who knows? What *is* known is that no one has found a crack and
> > > published it widely.
> >
> > Interestingly enough, you appear to have demolished that part of your own
> > case which is based on GSM; all one knows about GSM is that (prior to
> > Shamir's paper) no-one had publicised a crack widely.
>
> You seem to miss the point. Without STO, the coding of A5 etc. would have
> been 'widely' known even before the system was deployed. Ergo, it is
> reasonable to assume that a crack would have been found after about as much
> time as between the publication of the actual crack from the knowledge of
> GSM cipher that was widely distributed among those outside govt service with
> an interest in crypto. The marked difference between the release of
> knowledge to crack time and the GSM development to 1999 can only be
> attributable, in the main, to the somewhat maligned use of STO.
>
> My 'case' is not based on GSM. However, since Ben introduced GSM into the
> discussion, it was convenient to make an example with it.
The more important point here is that STO in this case was being used to
protect a deliberate 'designed in' insecurity.
It is hence a very good example of a typical use of STO. I don't think that
anyone disputes the value of STO in hiding design insecurity and this is
precisely why it is a completely discredited approach when the objective is
the opposite.
Anyone who argues that security is enhanced by using STO to protect the
'security' available from deliberately broken cipher algorithms is logically
correct in certain circumstances but has clearly sold their soul to the
devil.
Brian