Subject: AT&T DES vs. Clipper phone security products Uncertainty on the availability of DES versus Clipper based products from AT&T has sparked some interest. Parties within AT&T were contacted to determine the state of their products. DES is not available in AT&T TSD products and one person said "NSA doesn't want DES in the TSD." # Also, the clipper algorithm is currently unavailable and expected in "September". This person deferred to a second person who provided the following: The 3600 is available with two proprietary AT&T encryption algorithms, one ITAR compliant, one for U.S. persons only. Two Telephone Security Devices (TSD) will attempt to hierarchially establish security, the higher security being non-ITAR compliant. This will be extended to the clipper algorithm (highest) when available. Neither proprietary algorithm is in the public domain. [Apparently NSA is perfectly happy with these. + ] You can buy TSDs now, and pay an extra fee (reasonable) for the ungrade path to clipper when available (September not absolutely guaranteed). Paying the fee will allow you to exchange the TSD for a new and improved one at a later date. The hold up on clipper is availability from Mykotronx and questions were deferred to "the NSA". AT&T has been performed product integration tests with clipper and is ready to go as soon as chips are available. Their willingness to sell clipper phones is predicated on marketplace acceptance and the prospect of having a national standard with the chance of interoperability between different manufacturers. There is a perceived need for voice security products, and the balance with respect to "legitimate law enforcement access" was discussed. There was some confusion about key management, which was inferred to be present in the clipper chip. [The question arises as to which clipper chip they are waiting on, the MYK-78 or the MYK-80 which has key management features. The question also arises as to whether or not the MYK-78 is susceptible to a captured control programming attack to prevent transmission of the Law Enforcement Access Field, with an inferred assumption that the MKY-80 does not share this vulnerability. *] AT&T will continue to market the present 3600 sans clipper with the two proprietary encryption algorithms (ITAR/U.S. ONLY). This was stressed rather strongly. The question of relative strenght of cryptographic algorithms was brought up. There were no conclusions, as no common metric can be used, with one public algorithm, two proprietary and one classified algorithm. DES availability was discussed and was inferred to be affected by international agreements limiting DES proliferation. The TSD uses RCELP, a proprietary vocoder that is supposed to add fidelity over CELP, and is supposed to encode female voices better, with better treble. AT&T feels RCELP is superior to anything else at 4800 baud. This raised the question of licensing for RCELP. RCELP is not in the public domain to date. Executive resistance to CELP at 4800 baud is supposedly a good sell for RCELP. The 4800 baud limitation is based on the least common denominator of analog cellular communications paths, which won't support V.32 (9600 baud). The greatest need for telephone security devices is seen for cellular communications. The 3600 optionally comes with 5 handset interface modules (as opposed to one for the base product) that interface different phones to the TSD. This is required based on different frequency response of handset microphones as well as signal amplitudes. The 5 interface modules are considered universal - covering all types of phones. Think of this as signal conditioning to make the RCELP vocoder perform better. The standard power supply takes 110 VAC, 60 Hz. An optional universal power supply and international power package are available. ------ # Is DES secure enough to cause heartburn for our 3 letter agencie cousins? + the inferrence being that DES is higher security than either proprietary algorithm. * It has been reported that MYK-80 chips exist and have been tested by Mykotronx.