At 02:41 PM 8/30/01 -0400, Faustine wrote:
>And by the way, if you're going to question 
>SafeWeb for cooperating with CIA, you might as well criticize ZeroKnowledge 
>for selling a boatload of the Freedom beta to the NSA in 1999 as well. What 
>did they think they wanted it for, farting around on Usenet? I bet they had 
>that sucker reverse-engineered and compromised in two minutes flat. 

Were you intending to insult ZK authors[1]?  

The spooks would have studied the tool and its design, and set up a test
net to study the traffic. Depending on their resources and the
interesting-ness of the ZK-using 'targets
in the field' they would have thought about what can be recovered from
observations and interventions.  As they do with everything, from code to

Maybe they would, in 2 minutes, look at it and say, "oh, well, they
used the Foobar library's implementation of RSA, and we know how to exploit
a bug in that version, and can leverage that to break their scheme, 
so all their zero knowledge is ours".  Or "lookee here, they didn't check
a buffer overflow and we can 0wn their nodes" But exploration takes
time, especially for a system designed from start to resist.  Unless you
think they're magic.

[1] I'm not one, nor do I know any

Reply via email to