Re: EFF misstatements in DeCSS brief

[daw@cs.berkeley.edu (David Wagner)]

In article <20000109094006.12453.qmail@nym.alias.net>,
lcs Mixmaster Remailer  <mix@anon.lcs.mit.edu> wrote:
> Even if these complete misstatements of the facts were correct, we are
> then presented with the claim that given large samples of encrypted
> data and valid decryption keys, "the task of determining what decryption
> process will give back the original data is simple for those skilled in
> the art of cryptanalysis."
> 
> Bullshit!
> 
> Even if we were given ciphertext and decryption keys (which we're not),
> determining the "decryption process" (i.e. the decryption algorithm) and
> recovering the original data would be a highly difficult and uncertain
> task.

My reading of the EFF brief was that they were arguing that
reverse engineering the CSS is "simple for those skilled in
the art", and especially more so when ciphertexts, key material,
and knowledge of plaintext data formats are readily available
to the reverse engineer.  In my experience, that claim is right
on the money.  (`simple yet tedious' might be slightly more
descriptive, but `simple' is close enough.)

Are you suggesting that the brief is intentionally set out to
deceive the court?  If so, that'd be very bad form, but I didn't
get that impression at all -- I didn't notice anything nefarious
or deceptive in the EFF brief.

Maybe the confusion comes from the brief's usage of the word
"cryptanalysis".  I agree that many people in the field probably
wouldn't use the word "cryptanalysis" to include "reverse engineering",
but it's a close call, and I guess so long as you pick a consistent
usage, either choice is ok.  (Technically speaking, it's not clear
whether the brief was arguing that anyone skilled in the art of
cryptanalysis is also likely to be skilled enough at reverse engineering,
or whether they were including reverse engineering as part of
cryptanalysis, but either way, I don't see any major problems.)

Am I overlooking something?