At 02:41 PM 8/30/01 -0400, Faustine wrote:
And by the way, if you're going to question SafeWeb for cooperating with CIA, you might as well criticize ZeroKnowledge for selling a boatload of the Freedom beta to the NSA in 1999 as well. What did they think they wanted it for, farting around on Usenet? I bet they had that sucker reverse-engineered and compromised in two minutes flat.
Were you intending to insult ZK authors[1]? The spooks would have studied the tool and its design, and set up a test net to study the traffic. Depending on their resources and the interesting-ness of the ZK-using 'targets in the field' they would have thought about what can be recovered from observations and interventions. As they do with everything, from code to routers. Maybe they would, in 2 minutes, look at it and say, "oh, well, they used the Foobar library's implementation of RSA, and we know how to exploit a bug in that version, and can leverage that to break their scheme, so all their zero knowledge is ours". Or "lookee here, they didn't check a buffer overflow and we can 0wn their nodes" But exploration takes time, especially for a system designed from start to resist. Unless you think they're magic. [1] I'm not one, nor do I know any