Security by Not Peeking

On "Reverse Engineering":

These "click to accept" software licenses which prohibit one from
examining code in one's possession have always struck me as the height of

It's much like a book held shut with a small strip of masking tape, upon
which is printed "By Removing This Tape And Opening This Book, Reader
Agrees Not to Read Page 36."

If millions of such books were made available for free to anyone who
wanted a copy, with no tracking whatsoever of who got their hands on them,
it would be laughable for anyone to claim that such a trick created a
legally enforceable contract, or that the public dissemination of the
contents of "Page 36" could only have been based on some sort of illegal

A contract is something signed by two parties which involves
consideration.  "Please don't peek at my code" is not a contract. Neither
is "Opening the box constitutes your agreement not to peek at my code", or
any number of equally silly variations.

> You are overlooking the EFF's attempt to argue that the decryption
> algorithm could have been deduced without reverse engineering, requiring
> only "reasonable diligence", given the ciphertext and keys, and that
> this would be a "simple" task for a skilled cryptanalyst.

Given that the algorithm was a very quick and dirty stream cipher,
selected for its exportability and low computational overhead, this may
very well be a reasonable point to make.  The EFF is not saying that all
cipher algorithms may be deduced by a "skilled cryptanalyst" inspecting
their ciphertext, plaintext, and keys.  Just that the one used by CSS can.

It's sad that the CSS people now have nothing of value to license, but
"security by making people promise not to peek" is worse even than the
dreaded "security by obscurity."  Since it is generally held that one cannot
make money by designing a new cipher, their business model was doomed from
its inception.
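The point made above, that a quick-and-dirty stream cipher can be deduced from its plaintext, ciphertext and keys, shown as an added worked example that is not part of the original post and is not the CSS cipher: a constructed 5-bit linear feedback shift register (LFSR) stream cipher is run over constructed plaintext, the keystream is recovered by XORing plaintext with ciphertext, and the Berlekamp-Massey algorithm then recovers the register length and feedback taps from that keystream alone. The seed, taps and plaintext are assumptions chosen for the demonstration; the recovery step is the general one for any linear stream cipher, not only this toy.

```python
from functools import reduce
from operator import xor

def bytes_to_bits(data):
    """MSB-first bit list of a byte string."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def bits_to_bytes(bits):
    """Inverse of bytes_to_bits (length must be a multiple of 8)."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def lfsr_keystream(seed, taps, nbits):
    """Fibonacci LFSR: each new bit is the XOR of the bits `t` positions back,
    for every t in `taps`. `seed` is the initial register contents (the key)."""
    s = list(seed)
    for j in range(len(s), nbits):
        s.append(reduce(xor, (s[j - t] for t in taps), 0))
    return s[:nbits]

def toy_stream_encrypt(data, seed, taps):
    """XOR the data with the LFSR keystream (encryption and decryption are the same)."""
    bits = bytes_to_bits(data)
    ks = lfsr_keystream(seed, taps, len(bits))
    return bits_to_bytes([p ^ k for p, k in zip(bits, ks)])

def berlekamp_massey(s):
    """Return (L, C) where L is the linear complexity of the bit sequence s and
    C = [1, c1, ..., cL] is the connection polynomial such that
    s[j] = c1*s[j-1] ^ ... ^ cL*s[j-L] for all j >= L. Standard GF(2) Berlekamp-Massey."""
    n = len(s)
    c = [1] + [0] * (n - 1)
    b = c[:]
    L, m = 0, -1
    for N in range(n):
        d = s[N]
        for i in range(1, L + 1):
            d ^= c[i] & s[N - i]
        if d:                      # discrepancy: adjust the current LFSR
            t = c[:]
            for i in range(n - N + m):
                c[N - m + i] ^= b[i]
            if 2 * L <= N:         # the register had to grow
                L, m, b = N + 1 - L, N, t
    return L, c[:L + 1]

def recover_cipher(plaintext, ciphertext):
    """What an analyst with a known plaintext/ciphertext pair can do:
    derive the keystream, then derive the generator that produced it."""
    ks = [p ^ c for p, c in zip(bytes_to_bits(plaintext), bytes_to_bits(ciphertext))]
    L, conn = berlekamp_massey(ks)
    taps = [i for i in range(1, L + 1) if conn[i]]
    # The first L keystream bits are the register's initial state, i.e. the key.
    regenerated = lfsr_keystream(ks[:L], taps, len(ks))
    return {"length": L, "taps": taps, "matches": regenerated == ks}

# Constructed demonstration values (assumptions, not CSS parameters).
SEED = [1, 0, 0, 1, 1]      # 5-bit key / initial register state
TAPS = (3, 5)               # x^5 + x^2 + 1 style feedback, period 31
PLAINTEXT = b"Page 36 of the book"

if __name__ == "__main__":
    ct = toy_stream_encrypt(PLAINTEXT, SEED, TAPS)
    print("ciphertext:", ct.hex())
    print("recovered from plaintext+ciphertext only:", recover_cipher(PLAINTEXT, ct))
```

Nothing about the "algorithm" here was needed in advance: a few dozen bits of keystream, obtained purely from the cipher's visible behaviour, fix both the register length and the taps, and the first L bits of keystream are the key itself. Any cipher whose keystream is linear in its state is deducible this way with about twice the register length in known bits, which is why licence terms forbidding inspection add nothing to its security.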
