BKBRDRGN.RVW 20010703

"The Bear and the Dragon", Tom Clancy, 2000, 0-399-14563-X, U$28.95/C$39.99

%A Tom Clancy
%C 10 Alcorn Ave, Suite 300, Toronto, Ontario, M4V 3B2
%D 2000
%G 0-399-14563-X
%I Penguin Putnam
%O U$28.95/C$39.99 416-925-2249 Fax: 416-925-0068 service@penguin.ca
%P 1028 p.
%T "The Bear and the Dragon"

Clancy is becoming a bit of a curmudgeon in his old age. He's still up there with the best when he's writing about shooting or dropping bombs on people, but he's started padding out the books with a lot more preaching (in some cases literally), and that's a lot less fun in anybody's book.

Clancy may know military hardware, but he doesn't show any evidence of being familiar with any other technology. Binary code, while it is the object code that computers actually use, isn't measured in lines. He fundamentally misunderstands the concept of a computer virus. Digital telephone switches weren't around in the 1950s, and trap doors tend to get found, particularly when people poke at them for thirty years. Yes, a proper operating system can improve the performance of a piece of hardware (just ask any Linux devotee), but it can't work miracles. Ghost is a disk image program, and it does bundle files up, but it's used for backup or replication, not spying.

One of the funniest mistakes in the book is the insistence that Chinese computers would have to store all documents as graphics files. (A word processor that stored material as graphics files would not be much use: the operator would not be able to manipulate the "text" in any way once it had been entered.) There have always been encoding systems for languages other than those that used a Latin alphabet, and most would now use Unicode. Ironically, for all the other mistakes, when we are told about a download of stolen material, the numbers do work out to a reasonable figure for a decade's worth of weekly minutes, provided nothing else was stored on the computer.
He tapdances around encryption in this book, and, while he's obviously been told that 256 and 512 are magic numbers, he still doesn't understand what is going on in the field. 512 bits is probably not a safe key length for asymmetric encryption any longer, but it's way more than good enough for symmetric. Nobody could possibly want any key of 256 thousand bits. "Totally random" numbers are the Holy Grail of stream cyphers, but, as the sainted John Louis von Neumann has said, anyone who considers arithmetical methods suitable for producing random numbers is, of course, in a state of sin. (Clancy would be big on the "sin" part.)

Details of encryption keys aside, for the moment, we have a pretty good idea of how strong any encryption system is. The NSA may employ more mathematicians than any other entity, but they don't employ all the mathematicians in the world, and they certainly don't employ all the computer scientists. Within a relatively small, but actually rather numerous, community, the strength of any particular algorithm is well known, as well as how many computer cycles it is going to take to break it. For a nice IDEA or triple-DES system, which is only nominally considered commercially secure, there simply aren't that many computers in the world. Yet. The myth that the NSA can break any code is just that, a myth. (And, yes, quantum computing has something to do with parallel processing, but not all that much at the current state of the art.)

Given his lack of understanding of technology, and the software development process, it isn't surprising that Clancy is a big fan of the Star Wars missile defence plans. Hey, it's just a matter of making some software, right? Computers can do anything! The complexities are bound to be lost on someone who believes that Echelon can track, and the NSA can decrypt, every interesting phone conversation in the world. But I must admit that Clancy does get it right in the end.
No piece of software is going to work flawlessly the first time, and it is usually some hidden assumption that trips you up.

copyright Robert M. Slade, 2001
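The review's point that 512 bits is too short for an asymmetric key yet far more than a symmetric cipher needs can be made concrete with a work-factor estimate. The Python below is an added illustration, not text or code from the review or the novel; it assumes the standard heuristic number-field-sieve cost L_N[1/3, (64/9)^(1/3)] with its o(1) term dropped, and an assumed 2^80 operations as a rough "feasible effort" yardstick.

```python
# Added example: the same nominal key size under two attack models.
# Symmetric: exhaustive key search costs about 2**n trials for an n-bit key.
# RSA-style asymmetric: an n-bit modulus falls to the general number field
# sieve, whose heuristic cost is L_N[1/3, (64/9)**(1/3)]; the o(1) term is
# dropped, so the asymmetric figures are order-of-magnitude estimates only.
import math

GNFS_CONST = (64 / 9) ** (1 / 3)   # about 1.923
FEASIBLE_BITS = 80.0               # assumed yardstick, not a fact from the review


def symmetric_security_bits(key_bits: int) -> float:
    """log2 of the brute-force work for an n-bit symmetric key (2**n trials)."""
    return float(key_bits)


def gnfs_security_bits(modulus_bits: int) -> float:
    """log2 of the heuristic GNFS work for factoring an n-bit RSA modulus."""
    ln_n = modulus_bits * math.log(2)                      # ln N for N ~ 2**n
    exponent = GNFS_CONST * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(2)                          # exp(x) -> 2**(x/ln 2)


def feasible(work_bits: float, budget_bits: float = FEASIBLE_BITS) -> bool:
    """True when the work factor is at or below the assumed feasible budget."""
    return work_bits <= budget_bits


def compare(bits: int) -> dict:
    """Security of one nominal key size as a symmetric key and as an RSA modulus."""
    sym, asym = symmetric_security_bits(bits), gnfs_security_bits(bits)
    return {
        "key_bits": bits,
        "symmetric_work_bits": sym,
        "rsa_work_bits": round(asym, 1),
        "symmetric_feasible": feasible(sym),
        "rsa_feasible": feasible(asym),
    }


if __name__ == "__main__":
    # 256-bit symmetric is already far beyond reach; 512-bit RSA is not.
    # Anything past 256 symmetric bits (let alone 256 thousand) buys nothing.
    for n in (256, 512, 1024, 2048):
        print(compare(n))
```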