Why "carnivore" type systems can't be (entirely) open source
Brian Gladman
Brian Gladman" <brg at gladman.plus.com
Thu, 8 Feb 2001 08:34:12 -0000
From: "Brian Gladman" <brg@gladman.plus.com>
To: "UK Crypto Posting" <stevee+brg@slimy.greenend.org.uk>
Sent: Wednesday, February 07, 2001 3:54 PM
Subject: Re: Why "carnivore" type systems can't be (entirely) open source
[snip]
> We agree at least on most of this! In fact making the cipher fully secure
> would help some users but I agree not many. In a sense this was the
biggest
> con trick of all - putting the crypto in was giving an impression of good
> security where there was none.
>
> This con is now an almost universal one. My bank tells me that I have '128
> bit security' when I log on when I know that even if the system is perfect
> my eight character password can be guessed with a probability of no less
> than (2^8)^8 - 2^64 bits of security (in practice a great deal less).
This
> is a billion, billion, billion,....., billion times less security than
they
> are advertising.
My thanks to those who have pointed out that I got this maths wrong - I am
only getting about a million, billion, billion times less security than is
adsvertised!
Brian