Re: News Flash: Clipper Bug?
My friend Matt Blaze at Bell Labs showed that you can forge LEAFs on Tessera cards so that you can use Skipjack without anyone being able to get the key you are using. Its a slick piece of work -- slick enough that it made the front page of today's New York Times. I'm not sure how practical it is, but its extraordinarily noteworthy.
Please explain how to forge the LEAFs. I presume that this doesn't involve super-encryption.
Peter Wayner says:
My friend Matt Blaze at Bell Labs showed that you can forge LEAFs on Tessera cards so that you can use Skipjack without anyone being able to get the key you are using. Its a slick piece of work -- slick enough that it made the front page of today's New York Times. I'm not sure how practical it is, but its extraordinarily noteworthy.
Please explain how to forge the LEAFs. I presume that this doesn't involve super-encryption.
I'll see if I can get Matt to send an explanation himself. Perry
On Thu, 2 Jun 1994, Peter Wayner wrote:
Please explain how to forge the LEAFs. I presume that this doesn't involve super-encryption.
Here is what the article on the upper right hand side of this morning's New York Times says: "To defeat the system, Dr. Blaze programmed a 'rouge' unit to test thousands of LEAF's. Once he found a valid key, he inserted it in place of the one that would be generated by the Clipper device. Later, if law enforcement officials attempted to use it for decoding, it would not unlock this particular message." He was able to find LEAF's that passed checksum in spite of having an invalid session-key number. If generating these things takes a lot of computing power, maybe we could come up with a distributed processing project like RSA 129 was cracked by. DCF
Duncan Frissell says:
If generating these things takes a lot of computing power, maybe we could come up with a distributed processing project like RSA 129 was cracked by.
No, it doesn't require so much compute power as to need such activity. I'm still examining Matt's paper -- I'll get him to explain, or if he doesn't I'll post a summary. Perry
On Thu, 2 Jun 1994, Perry E. Metzger wrote:
No, it doesn't require so much compute power as to need such activity. I'm still examining Matt's paper -- I'll get him to explain, or if he doesn't I'll post a summary.
Perry
Is the generation of a fake LEAF something that has to be done using the "current" communications session or can you store them up in advance of need and just slap them into place during each session? DCF
Duncan Frissell says:
On Thu, 2 Jun 1994, Perry E. Metzger wrote:
No, it doesn't require so much compute power as to need such activity. I'm still examining Matt's paper -- I'll get him to explain, or if he doesn't I'll post a summary.
Is the generation of a fake LEAF something that has to be done using the "current" communications session or can you store them up in advance of need and just slap them into place during each session?
Information *will* be forthcoming. Hang on. Perry
participants (3)
-
Duncan Frissell -
pcw@access.digex.net -
Perry E. Metzger