Re: NYT/CyberTimes on CWD article

["Deranged Mutant" <WlkngOwl@unix.asb.com>]

On  6 Jul 96 at 16:56, eli+@gs160.sp.cs.cmu.edu wrote:

> >http://www.nytimes.com/library/cyber/week/0706patrol-reporters.html
> >              "If we believe the encryption scheme has
> >              been compromised, we will make another
> >              one."
[..]
> They have to give you the list, and they have to give you software
> that uses it, so there's no way to achieve complete secrecy.  I think
> the best they can do is to distribute a list of hashed URLs.

What? After they paid for the rights to use "Infinite Vigniere Key" 
Technology....

I'm surprised that they went so far as to try to encrypt the naughty 
URLs list (but some kids would get off on just reading the list alone 
anyway).

Hashing could be problematic... how to differentiate between a site 
and it's users.  www.pornopix.com is obvious, but the directory tree 
of www.localisp.com/~perv/mypix/ is harder to filter out with hashing 
if subdirectories or specific images are called up, unless the 
software has a way to differentiate between sites and specific users 
or directories on those sites.

(I wonder if the software can tell that ~perv/ and /users/home/perv/ 
or /home/perv/ can be the same directory on some systems? That would 
be an interesting flaw. Has anyone hacked with the software?)

Another problematic with Net-Nurse type software: a database of 
naughty sites and naughty users... a real goldmine for prosecutors.


Rob.
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.