Earl Edwin Pitts, $224,000
http://www.cnn.com/US/9612/18/fbi.spy/index.html FBI agent spied for Soviet Union, Russia. "He also provided a stolen FBI handset to a telecommunications device used to transmit classified information," Too bad he didn't have access to the Clipper database. That would have helped us find its free market price. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
At 8:20 PM -0500 12/18/96, Adam Shostack wrote:
http://www.cnn.com/US/9612/18/fbi.spy/index.html FBI agent spied for Soviet Union, Russia.
"He also provided a stolen FBI handset to a telecommunications device used to transmit classified information,"
Too bad he didn't have access to the Clipper database. That would have helped us find its free market price.
...and who's to say he didn't? Anyone who bought it--the Russians, for example--would hardly have been likely to publicize their purchase. (Maybe if _we_ purchased it, we'd publicize the purchase, but nearly anyone else would not.) According to tonight's news reports, he was in charge of counterintelligence against the Soviets and then the Russians in the New York area. This gave him considerable access to surveillance and crypto methods. Note also that James Kallstrom heads up the New York FBI office. (Maybe he knows some members of this list.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
"Timothy C. May" <tcmay@got.net> writes:
According to tonight's news reports, he was in charge of counterintelligence against the Soviets and then the Russians in the New York area. This gave him considerable access to surveillance and crypto methods. Note also that James Kallstrom heads up the New York FBI office.
(Maybe he knows some members of this list.)
No shit! I just realized that I think I did meet this guy!!! --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
In Ross Anderson's paper `Tamper Resistance - a Cautionary Note' (see http://www.cl.cam.ac.uk/~rja14/), there is a reference to the clipper chip having already been reverse engineered: Anderson writes: "We are reliably informed that at least one U.S. chipmaker reverse engineered the Clipper chip shortly after its launch." Heart warming :-) Adam -- print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
In Ross Anderson's paper `Tamper Resistance - a Cautionary Note' (see http://www.cl.cam.ac.uk/~rja14/), there is a reference to the clipper chip having already been reverse engineered:
Anderson writes: "We are reliably informed that at least one U.S. chipmaker reverse engineered the Clipper chip shortly after its launch."
that's really big news. what does this company plan to do with it? note that reverse engineering would give the following benefits: 1. knowledge of the skipjack algorithm. supposedly the NSA based a lot of security on it being secret-- they consider it so powerful that no one should be able to use it for their own purposes. however I wonder how much security they tried to invest in this scheme. the #1 rule of crypto, of course, is to always assume your adversary can get your algorithm. 2. given knowledge of the algorithm, people could use it for their own purposes, or to make compatible clipper chips that don't use key escrow. of course, it would be interesting to see the govt response to this reverse engineering. new laws? fines? imprisonment? frankly, it would be fun to see them squirm like this. CYPHERPUNKS-- this would be another big front page NYT article and *severe* blow to the spook establishment if someone PUBLISHED this algorithm in cyberspace.... just noting the obvious and not encouraging anything ILLEGAL here, heh heh, <wink>
Vladimir Z. Nuri wrote: | CYPHERPUNKS-- this would be another big front page NYT article and | *severe* blow to the spook establishment if someone PUBLISHED this | algorithm in cyberspace.... just noting the obvious and not | encouraging anything ILLEGAL here, heh heh, <wink> I disagree. I think publishing Skipjack would be counterproductive. Right now, we're shooting to make the ITARs irrelevant by saying things like 'IDEA is Swiss, and when we can't export it from the US. What does that do to competitiveness?' We can't make that claim about Skipjack. Skipjack is an NSA designed cipher which the agency probably expects will be publicised. But would they ever admit to it? Heck no. When its published, expect screams of bloody murder by the four horsemen. Many people will believe it. Its easy to construct the case that the ITARs, as they apply to things in the public domain, thing implemented outside the US, things designed outside the US, are just silly. Its much harder to make that argument about Skipjack, especially as you can't legally export the chips. Adam PS: The current (year end double issue) of the Economist is quite an enjoyable read. Crypto relevance? The decipherment of Mayan hieroglyphics, some on commerce on the net. But mostly I just found it a very enjoyable read. -- "It is seldom that liberty of any kind is lost all at once." -Hume
[publish skipjack]
Right now, we're shooting to make the ITARs irrelevant by saying things like 'IDEA is Swiss, and when we can't export it from the US. What does that do to competitiveness?' We can't make that claim about Skipjack. Skipjack is an NSA designed cipher which the agency probably expects will be publicised.
they spent millions of dollars to hide the encryption on the chip-- using state-of-the-art technology from what I understand. it would have been far cheaper not to have done this. also, the chip manufacturer was under very high security. so, seems like exactly the opposite to me-- they don't want it to be publicized. in fact when it was first released there was some verbiage in the documents about how the chip design would be used to prevent such an amazingly powerful algorithm from getting into private hands without "appropriate safeguards". so I don't buy your theory. publishing skipjack would be a very, very significant cpunk victory. recall that DES was slightly redesigned by the NSA, and about 20 years later it was discovered it was done to possibly make it less vulnerable to "differential cryptoanalysis". 20 years later! that suggests that the NSA may be up to 20 years ahead of public/academic crypto research, at least at that point. anyway, my point is that if skipjack was published, similar insights into what the NSA is thinking would be available. can you point to an algorithm other than DES officially sanctioned by NSA? skipjack is even better, it was *built* by them, and apparently to be highly secure. the insights available to private researchers after studying the algorithm would be very significant imho. it would be a snapshot made very recently of what the nsa considers a state-of-the-art encryption algorithm. especially useful considering that DES is about to die and people are looking for alternatives. note that many people suspect Skipjack is very similar to the DES in that it is built out of Sboxes and Pboxes. so in that sense the basic design is probably not all that different. it would be disappointing if it wasn't different from DES in some interesting way. I doubt this would be the case.
Vladimir Z. Nuri wrote: | [publish skipjack] | > Right now, we're shooting to make the ITARs irrelevant by | >saying things like 'IDEA is Swiss, and when we can't export it from | >the US. What does that do to competitiveness?' We can't make that | >claim about Skipjack. Skipjack is an NSA designed cipher which the | >agency probably expects will be publicised. | | they spent millions of dollars to hide the encryption on the chip-- | using state-of-the-art technology from what I understand. it would have | been far cheaper not to have done this. also, the | chip manufacturer was under very high security. | | so, seems like exactly | the opposite to me-- they don't want it to be publicized. in fact | when it was first released there was some verbiage in the documents | about how the chip design would be used to prevent such an amazingly | powerful algorithm from getting into private hands without | "appropriate safeguards". so I don't buy your theory. I said expects, not wants. The NSA knows that Skipjack is a fat target, and probably, despite efforts at hardening it, a soft target as well. So they took steps to make it tough, but probably expect that those efforts will fail. | publishing skipjack would be a very, very significant cpunk victory. | recall that DES was slightly redesigned by the NSA, and about 20 | years later it was discovered it was done to possibly make it | less vulnerable to "differential cryptoanalysis". 20 years later! | that suggests that the NSA may be up to 20 years ahead of public/academic | crypto research, at least at that point. Bruce Schneier gave a talk 2 years ago at the Crypto rump session where he talked about 'Open Source Skipjack.' The talk notes may be on the web. | anyway, my point is that if skipjack was published, similar insights | into what the NSA is thinking would be available. can you point to I know that. I honestly don't think it would be a sufficient propaganda victory to break through the 'tamper-resistant' housing and reverse engineer the algorithim to make it worth the loss of respect for 'revealing national security codes.' The big losers would be the smartcard folks. Its not clear to me that 'cypherpunks' would get more positive PR than negative. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
On Tue, 24 Dec 96 12:26:02 -0800, vladimir z nuri wrote:
CYPHERPUNKS-- this would be another big front page NYT article and *severe* blow to the spook establishment if someone PUBLISHED this algorithm in cyberspace.... just noting the obvious and not encouraging anything ILLEGAL here, heh heh, <wink>
What do you think about Eiffel? jd -- Fight spam: http://www.vix.com/spam jason durbin slothrop@poisson.com Stop Reading Here <---
participants (6)
-
Adam Back -
Adam Shostack -
dlv@bwalk.dm.com -
slothrop@poisson.com -
Timothy C. May -
Vladimir Z. Nuri