On Sat, 28 Jul 2001, David Honig wrote:
Not a problem -- as long as what you're making available to the public at DefCon is not a program that script kiddies can download and use to break stuff.
What's a 'program' in the above sentence? Is source a program? Source without the main() and #includes? Source with an intentionally missing ';'? Precise english description of an algorithm? Math? What exactly are the limits of a 'script kiddie'?
Oh, please, let's not get into specious crap. I'm totally familiar with the concept that "source code" is considered by some to be a gray area. To me, the distinction is relatively clear. Source code is what enables someone to do X whether or not they understand X. You don't have to understand the weaknesses in a cryptosystem to correct a few syntax errors, figure out what standard libraries to include, or do a conversion between different forms of the source with a perl script. I mean, the code could *help* you understand it, if you were inclined to read it for content -- but if you can get it working without understanding what it does, it probably violates the law. Communication, on the other hand, is what enables someone to *understand* X. And yes, a lot of people, myself included, can and do use source code to communicate ideas. Does it piss me off that this mode of communication is made unavailable by this law? Yes. Am I stupid enough to not figure out what the law means? No.
Bear in mind that these people are not dealing from a position of strength, as long as their crypto is actually broken.
Tell that to Dmitri. :-<
Dmitri released an executable *before* he had the excuse of being required to produce it as evidence. Plus he's a foreign national on US soil, whose government is willing to be anally raped with a two-by-four if they think it will get them more US financial aid. They have evidently left him twisting in the wind. That is not a position of strength. Bear