From: Kragen Sitaker (email@example.com)
Date: Thu May 04 2000 - 13:26:17 PDT

I thought the most interesting paragraph of this article
this (from ):

> For Benchmark, the primary corroboration of Atalla's cryptographic
> claims had come from the former chief technology officer of Price
> Waterhouse, who had positively raved about TriStrata's technology. And
> Beirne had accompanied Andersen Consulting's best cryptographic expert
> on his first visit to the company, and his report had been positive
> too. The better the technology looked, the easier it was to explain the
> company's undeveloped business plans and financial models.

Now, I'm no expert cryptographer, but as soon as I saw the words
"one-time pad", I suspected that this was yet another
XOR-with-output-of-rand() kindergarten-cryptography snake-oil scam.
When I finished the paragraph, I was sure of it.

So Andersen Consulting and Price Waterhouse had employees with no
qualifications whatsoever --- not even the ability to recognize obvious
snake oil --- evaluating this scheme. And Andersen claimed their
employee was a "cryptographic expert".

I spent 90 days working for Keane, a company very much like Andersen.
I attended one of their basic management seminars; I remember one event
from that seminar quite distinctly. The lecturer was making the point
that management was more important than technology; he asked, "Has
anyone here ever seen a project fail for technical reasons?"

Nobody raised their hand.

I didn't raise my hand, because my view (the Keane view) was that good
management doesn't commit to projects that are technically impossible.
I didn't think about "technically risky".

But this is a short-sighted view; "technically risky" is one aspect,
but lots of projects never start because of lousy technology.

And TriStrata is a perfect example of a project failing because of
management ignorance of technology, which I think is a much bigger
problem than projects failing because of technological risk.

Keane's attitude toward technology is IMHO why they make so much money
and simultaneously produce so little value for their customers. And
it's why I only worked there for 90 days.

The corroboration of the snake-oil starts here

> "I don't think these guys know. I informed the board at the last
> meeting that we don't have a one-time pad implementation, we have a
> 'pseudo one-time pad implementation.' Perkins got pissed off."
> "At that fact?"
> "At that fact. Started with the messenger, which I didn't take, and
> then got pissed off at the fact. He said, 'Oh, what's the difference?'
> Well, the difference is we have every cryptographer on the planet up in
> arms, every one."

Schneier's comments on TriStrata are here:

--
<firstname.lastname@example.org>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
The Internet stock bubble didn't burst on 1999-11-08.  Hurrah!
<URL:http://www.pobox.com/~kragen/bubble.html>
The power didn't go out on 2000-01-01 either.  :)