~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort@attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Is it just me, or is anyone else dubious about Dorothy Dennings and company running their various Skipjack tests ON AN *NSA* CRAY COMPUTER? Since many of the objections to the whole plan arouse because of doubts about the intentions of the NSA, why would D.D. et al. trust them to run these critical tests? How difficult would it be for the NSA to spoof its own computer? Next big news items: United Nations hires Serbian troops to report on human rights violations in Bosnia. Farmer Brown puts fox in charge of henhouse. Film at eleven. S a n d y
Please send e-mail to: ssandfort@attmail.com <<<<<<
Sandy Sandford writes:
Is it just me, or is anyone else dubious about Dorothy Dennings and company running their various Skipjack tests ON AN *NSA* CRAY COMPUTER? Since many of the objections to the whole plan arouse because of doubts about the intentions of the NSA, why would D.D. et al. trust them to run these critical tests? How difficult would it be for the NSA to spoof its own computer?
Next big news items: United Nations hires Serbian troops to report on human rights violations in Bosnia. Farmer Brown puts fox in charge of henhouse. Film at eleven.
This is but one of the obvious flaws in the whole Clipper scheme. I think the whole Clipper debate can be boiled down to this one important fact: * It is not in the interest of the NSA for Clipper/Skipjack to be secure, therefore they will find a way to make sure that either the algorithm or the chip itself contains a NSA backdoor before the chip is sold to the American public. The whole escrow scheme is an obvious wild goose chase as well. We all know that the NSA operates by importing large amounts of information (oceans of data) and uses it's computers to extract the goodies. The would not be able to do this if they had to obtain a warrant for each conversation that constitutes a part of the ocean of data. The whole escrow aspect of the system is obviously bogus. To review: 1) The key escrow aspect is a wild goose chase. 2) The security of the algorithm is also a wild goose chase. 3) The backdoor must be in the chip hardware itself. Therefore even if Clinton and the NSA deside to make the two key escrow agents the E.F.F. and the A.C.L.U, and Denning and her crew declare the algorithm to be secure, I will still advocate a complete boycott of the Clipper/Skipjack technology because the backdoor will be in those tamper-proof chips. Thug
Date: Mon, 2 Aug 1993 13:52 EDT From: thug@phantom.com (Murdering Thug) To review: 1) The key escrow aspect is a wild goose chase. 2) The security of the algorithm is also a wild goose chase. 3) The backdoor must be in the chip hardware itself. Dr. Thug ignores the most obvious weakness, which is likely in the key generation process. By selecting the key from a relatively small keyspace (say 40 bit equivalent, rather than the 80 bit nominal keyspace) the cost of exhaustive search can be dramatically lowered to those who know the basis of key selection, without any outward evidence of tampering, weakness of the algorithm, weakness of the chip, vulnerability to external attacks, special hardware to respond to trapdoor codes, etc. Examining the chip hardware for correctness will not discover this attack. Only providing users with the ability to program their own keys, together with public disclosure of the Skipjack algorithm and verification of its implementation can help. If there are a significant number of weak keys in the Skipjack algorithm (which is explicitly denied in the panel report) then even this approach could be dangerous.
participants (3)
-
Sandy -
thug@phantom.com -
Tom Knight