On 6 Jul 96 at 16:56, eli+@gs160.sp.cs.cmu.edu wrote:
http://www.nytimes.com/library/cyber/week/0706patrol-reporters.html "If we believe the encryption scheme has been compromised, we will make another one." [..] They have to give you the list, and they have to give you software that uses it, so there's no way to achieve complete secrecy. I think the best they can do is to distribute a list of hashed URLs.
What? After they paid for the rights to use "Infinite Vigniere Key" Technology.... I'm surprised that they went so far as to try to encrypt the naughty URLs list (but some kids would get off on just reading the list alone anyway). Hashing could be problematic... how to differentiate between a site and it's users. www.pornopix.com is obvious, but the directory tree of www.localisp.com/~perv/mypix/ is harder to filter out with hashing if subdirectories or specific images are called up, unless the software has a way to differentiate between sites and specific users or directories on those sites. (I wonder if the software can tell that ~perv/ and /users/home/perv/ or /home/perv/ can be the same directory on some systems? That would be an interesting flaw. Has anyone hacked with the software?) Another problematic with Net-Nurse type software: a database of naughty sites and naughty users... a real goldmine for prosecutors. Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto) AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com> Send a message with the subject "send pgp-key" for a copy of my key.