Message-Id: <00541.2828009147.4718@washofc.cpsr.org> From: David Sobel <dsobel@washofc.cpsr.org> Date: Thu, 12 Aug 1993 14:01:54 EST Subject: Re: >Clipper trapdoor?
David, You wrote:
[...] I think the question you raise is a critical one -- under what guidelines will the escrow agents determine the validity of an NSA request for the key without a FISA warrant?
If I were the NSA, I would *never* permit a key request to leave the building at Ft. Meade. The fact that it wanted a given key is, itself, intelligence. I am one person who believes that the gov't would never be able to establish a key escrow agency secure enough even for my customers (Stratus customers: already extra-careful purchasers of high priced fault tolerant equipment: banks, large funds transfer people, stock brokers, hospitals, ...). It's too cheap for organized crime to bribe or break in at the escrow agencies. Therefore, I'm on record as a commercial crypto consultant recommending against any customer of ours using any escrowed-key mechanism, no matter how strong the algorithm or how trustworthy the key generation process. If the agency is too flaky for me, they're bound to be too flaky to be trusted with a paper trail of NSA's eavesdropping targets. The traffic analysis of that trail would be worth an absolute fortune. I'd give it a week before it was compromised. So: I wouldn't go to the escrow agencies in any way at all. ---------- Now, there was an interesting thing from DERD the other day -- that the original key generation mechanism is out, replaced by one which is classified (for nat'l security reasons, I assume). ---------- As I mentioned in alt.privacy.clipper the other day, if I were the NSA I would: 1. pick a *very* secure block cryptosystem (secure enough for them to use to send top secret crypto keys around the world, where the enemy is sure to intercept the message) 2. encrypt the chip's serial number in that algorithm, using a single key which only the agency knows 3. use the output of that encryption as the chip's key [that output will look totally random to the outside observer, because the encryption algorithm is so good] 4. make the two escrow copies, as before, and deliver them to the escrow agencies 5. keep the key generation process secret, for fear of inciting rebellion among civil liberties groups ----------- - Carl P.S. One of my questions for CSSPAB was why the key generation procedure didn't just use a hardware random number generator. That's the accepted practice and there's no reason to classify it. P.P.S. Is there any way to get NIST to answer my list of 22 questions?