1993-09-28 - Re: Verilog encryption broken
Header Data
From: markh@wimsey.bc.ca (Mark C. Henderson)
To: Bruce R Koball <cypherpunks@toad.com
Message Hash: 5a1ac7d8b81ed4449c3e0997ccc9644e8fd75d8f4059cafbbf77e74d37fd13bc
Message ID: <m0ohWe6-0001EbC@vanbc.wimsey.com>
Reply To: N/A
UTC Datetime: 1993-09-28 04:31:23 UTC
Raw Date: Mon, 27 Sep 93 21:31:23 PDT
Raw message
From: markh@wimsey.bc.ca (Mark C. Henderson)
Date: Mon, 27 Sep 93 21:31:23 PDT
To: Bruce R Koball <cypherpunks@toad.com
Subject: Re: Verilog encryption broken
Message-ID: <m0ohWe6-0001EbC@vanbc.wimsey.com>
MIME-Version: 1.0
Content-Type: text/plain
> A recent anonymous posting in the comp.lang.verilog newsgroup on Usenet
> has generated a raging controversey and threatens to shake up the
> electronic design automation (EDA) community. The posting was a program
> that broke the encryption scheme used to protect the proprietary
> libraries that are part of Cadence Design Systems high-end IC design
> tool Verilog-XL. Verilog is a sophisticated CAD tool that allows
...
This does bring up an interesting ethical question.
What should one do when one discovers that a vendor is marketing
an encryption scheme for the protection or to limit the use of
specific information, which is easy to break.
Obviously, one is neither doing the vendor nor the customers of that
vendor a favour by posting a detailed account of the weakness of
the system.
One the other hand, if one justs sits on the information, it is clear
that other people will be able to deduce the weakness in the system
and actually use it to steal information; and why not, I suppose
anyone who puts trust in "smoke and mirrors security" probably
deserves exactly what they get.
The world abounds with weak encryption algorithms which are being
used to protect information of consderable value. The case with
Verilog, and their use of an easily "crackable" scheme is far from
unique.
Still I don't have an answer. Say one discovers that a vendor is
protecting its customers' information using a simple "crackable"
linear encryption function. Is that information something to reveal,
something to keep secret or what? If one were to approach the
vendor in question with that kind of information, I can imagine
all sorts of legal entanglements that might arise.
There are other instances which are similar. Information on the
(in)security of various operating systems comes to mind.
Comments?
--
Mark Henderson markh@wimsey.bc.ca (personal account)
RIPEM key available by key server/finger/E-mail
MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433
Thread
Return to September 1993
- Return to “bill@twwells.com (T. William Wells)”
- Return to “khijol!erc (Ed Carp)”
Return to “markh@wimsey.bc.ca (Mark C. Henderson)”
- 1993-09-28 (Mon, 27 Sep 93 21:31:23 PDT) - Re: Verilog encryption broken - markh@wimsey.bc.ca (Mark C. Henderson)
- 1993-09-28 (Tue, 28 Sep 93 00:11:24 PDT) - Re: Verilog encryption broken - bill@twwells.com (T. William Wells)
- 1993-09-28 (Tue, 28 Sep 93 01:16:19 PDT) - Re: Verilog encryption broken - khijol!erc (Ed Carp)
- 1993-09-28 (Tue, 28 Sep 93 00:11:24 PDT) - Re: Verilog encryption broken - bill@twwells.com (T. William Wells)