"The Bear and the Dragon", Tom Clancy, 2000, 0-399-14563-X,
%A Tom Clancy
%C 10 Alcorn Ave, Suite 300, Toronto, Ontario, M4V 3B2
%I Penguin Putnam
%O U$28.95/C$39.99 416-925-2249 Fax: 416-925-0068 service@...
%P 1028 p.
%T "The Bear and the Dragon"

Clancy is becoming a bit of a curmudgeon in his old age. He's still
up there with the best when he's writing about shooting or dropping
bombs on people, but he's started padding out the books with a lot
more preaching (in some cases literally), and that's a lot less fun in

Clancy may know military hardware, but he doesn't show any evidence of
being familiar with any other technology. Binary code, while it is
the object code that computers actually use, isn't measured in lines.
He fundamentally misunderstands the concept of a computer virus.
Digital telephone switches weren't around in the 1950s, and trap doors
tend to get found, particularly when people poke at them for thirty
years. Yes, a proper operating system can improve the performance of
a piece of hardware (just ask any Linux devotee), but it can't work
miracles. Ghost is a disk image program, and it does bundle files up,
but it's used for backup or replication, not spying.

One of the funniest mistakes in the book is the insistence that
Chinese computers would have to store all documents as graphics files.
(A word processor that stored material as graphics files would not be
much use: the operator would not be able to manipulate the "text" in
any way once it had been entered.) There have always been encoding
systems for languages other than those that used a Latin alphabet, and
most would now use Unicode. Ironically, for all the other mistakes,
when we are told about a download of stolen material, the numbers do
work out to a reasonable figure for a decade's worth of weekly
minutes, provided nothing else was stored on the computer.

He tapdances around encryption in this book, and, while he's obviously
been told that 256 and 512 are magic numbers, he still doesn't
understand what is going on in the field. 512 bits is probably not a
safe key length for asymmetric encryption any longer, but it's way
more than good enough for symmetric. Nobody could possibly want any
key of 256 thousand bits. "Totally random" numbers are the Holy Grail
of stream cyphers, but, as the sainted John Louis von Neumann has
said, anyone who considers arithmetical methods suitable for producing
random numbers is, of course, in a state of sin. (Clancy would be big
on the "sin" part.)

Details of encryption keys aside, for the moment, we have a pretty
good idea of how strong any encryption system is. The NSA may employ
more mathematicians than any other entity, but they don't employ all
the mathematicians in the world, and they certainly don't employ all
the computer scientists. Within a relatively small, but actually
rather numerous, community, the strength of any particular algorithm
is well known, as well as how many computer cycles it is going to take
to break it. For a nice IDEA or triple-DES system, which is only
nominally considered commercially secure, there simply aren't that
many computers in the world. Yet. The myth that the NSA can break
any code is just that, a myth. (And, yes, quantum computing has
something to do with parallel processing, but not all that much at the
current state of the art.)

Given his lack of understanding of technology, and the software
development process, it isn't surprising that Clancy is a big fan of
the Star Wars missile defence plans. Hey, it's just a matter of
making some software, right? Computers can do anything! The
complexities are bound to be lost on someone who believes that Echelon
can track, and the NSA can decrypt, every interesting phone
conversation in the world.

But I must admit that Clancy does get it right in the end. No piece
of software is going to work flawlessly the first time, and it is
usually some hidden assumption that trips you up.

copyright Robert M. Slade, 2001 BKBRDRGN.RVW 20010703