Why "carnivore" type systems can't be (entirely) open source

Brian Gladman <brg at gladman.plus.com>
Thu, 8 Feb 2001 00:25:48 -0000


From: "Owen Lewis" <oml@eloka.demon.co.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Wednesday, February 07, 2001 9:26 PM
Subject: Re: Why "carnivore" type systems can't be (entirely) open source

> STO has, for convenience, been adopted in this thread as the acronym for
> 'security through obscurity'. Had not the medium strength cipher in GSM been
> protected for many years from cracking by the fact that it took determined,
> knowledgeable outsiders that long to penetrate the obscurity of the cipher
> design, GSM's privacy would have been breached at will by all the heavy
> private dicks and minor govt snoops who would have loved to have done so. It
> is STO and some pretty fine calculation of the delay to a crack that should
> be caused thereby that made GSM the success it has been.

You cannot know how fast or how slow others have been in finding the
weaknesses in the GSM cryptography.  Most of the groups that would wish to
do this would most certainly not advertise the fact that they had found a
way in through this path.

As I have said before, people on this list are educated enough to work out
the motives and the consequences of deploying a weak cipher in GSM.

It was the communications functionality that made GSM a success. It
seems to me extremely unlikely that its security (or lack of it) had any
significant impact on its success one way or the other.

   Brian