Keywords: rant

Tim writes:
If Matt's attack works, and Clipper/Capstone/Tessera/etc. has to be redesigned, some issues are pretty apparent:
Capstone/Tessera already had to be redesigned to use the new Secure Hash Standard revision (one can speculate about whether the NSA's revision was to remove an old weakness or install a new one, or both :-) Of course, if they do redesign Clipper instead of junking it, the chances of them making it *more* genuinely secure by having the two wiretap keys installed separately instead of having them combined (and probably stolen) by the NSA and then the XOR loaded in are probably pretty low...
* Combined with Micali's talk of a lawsuit, the slow acceptance of Clipper (Cypherpunks and others have helped to make Clipper a very dirty word, thus slowing any corporate acceptance that I suspect the NSA was hoping for), and these problems, the Clipper program seems to be in disarray.
It's especially enjoyable seeing that coming from Micali - his patent on "Fair Cryptosystems" is just *dripping* with the collectivist use of "fair" as meaning "Do what we tell you". His system also fails to carry out the claims made by his patent that say it permits the government to access the keys of suspected lawbreakers while protecting the privacy of law-abiding users, unless you accept the Ed Meese position that people who are law-abiding aren't suspects...
So, NSA's vaunted crypto capabilities seem to be waning. (I'm sure there are still many competent folks at the Fort, of course.) Their venture into the commercial world seems pretty flawed.
While the SHS problems are crypto-related, the primary incapabilities of the NSA's Clipper project aren't technical, but political - they're trying to tell the public "We don't trust you, but you can trust us, because we're from the Government and we're here to help you!", which is a hard sell for anyone :-)

Bill