
At 07:08 AM 7/28/01 -0700, Ray Dillinger wrote:
On Fri, 27 Jul 2001, David Honig wrote:
You can create an executable, with source code, package it up and send it to the copyright owner with a note that says "your protection is broken: here's the proof."
How about dropping them a note to send an engineer to DefCon?
Not a problem -- as long as what you're making available to the public at DefCon is not a program that script kiddies can download and use to break stuff.
What's a 'program' in the above sentence? Is source a program? Source without the main() and #includes? Source with an intentionally missing ';'? Precise English description of an algorithm? Math? What exactly are the limits of a 'script kiddie'?
You can shout at the top of your lungs that their crypto is broken, on all kinds of forums.
Might be libel if not true.
Oh, yeah, feature them suing you for libel, and then watching aghast as you enter "exhibit A" -- the source code -- into the trial and the public record. If it successfully decrypts their stuff, it proves that what you said is true. It also goes all over the internet within about twenty minutes.
So they get Mr. Judge to seal the docs.
Bear in mind that these people are not dealing from a position of strength, as long as their crypto is actually broken.
Tell that to Dmitri. :-<