On Fri, 27 Jul 2001, David Honig wrote:
You can create an executable, with source code, package it up and send it to the copyright owner with a note that says "your protection is broken: here's the proof."
How about dropping them a note to send an engineer to DefCon?
Not a problem -- as long as what you're making available to the public at DefCon is not a program that script kiddies can download and use to break stuff.
You can shout at the top of your lungs that their crypto is broken, on all kinds of forums.
Might be libel if not true.
Oh, yeah, feature them suing you for libel, and then watching aghast as you enter "exhibit A" -- the source code -- into the trial and the public record. If it successfully decrypts their stuff, it proves that what you said is true. It also goes all over the internet within about twenty minutes. Bear in mind that these people are not dealing from a position of strength, as long as their crypto is actually broken. The only evidence you need is precisely the evidence they don't want on the public record. And if it's produced for the first time in your own defense, in a court of law, I don't think they can press criminal charges on you for producing it. Bear