On Mon, 6 Nov 2000, Jim Choate wrote:
On Mon, 6 Nov 2000, Alex B. Shepardsen wrote:
Would GSM have been broken if the researchers couldn't have taken credit for it?
Yes. There would have been a very increased motivation for doing so by many groups who would benefit from being the only part who had the information.
Ah, but would you or I know that it had been broken? You've missed my point, Choate. Public disclosure of security vulnerabilities happens because of researchers and groups who work for recognition.
Profit is a strong motive.
If people cannot gain recognition for having broken a system, they will not profit from revealing that said system is broken, unless perhaps they are the developers of a competing system. So, perhaps Sprint or AT&T or one of the CDMA/TDMA cell network providers would have put researchers on the problem of breaking A5/1... but who else would have had the motivation *and* would benefit from the public knowing that it wasn't secure? And besides, I think it would probably have been less legal for Sprint to reverse-engineer GSM than the SDA/Berkeley folks. So my point stands. Systems will still be broken, but will be broken by the "bad guys" and the public will not be notified. Alex