Re: Black Eye for NSA, NIST, and Denning
It was my understanding from what was posted here and on sci.crypt that Clipper chips were only going to be given to phone manufactureres who had an approved design. This would mean no pre-encryption of messages, and no hacks to defeat the LEAF block, would be allowed. It's not clear to me whether the same restrictions apply to the use of the Tessera plug-in card. It sounds, from what was posted here, like Blaze was able to feed sample LEAF's at his card until it accepted one. Is that correct? If so, apparently users of such cards have access to low-level functions which would allow this kind of trick to be used. Unless there is some way to get a supply of Clipper chips to allow you to make Clipper-compatible phones which still protect privacy, then all this theorizing is not too useful. I am inclined to agree with Deadbeat that if you want to give the impression that you are using Clipper on your phone calls (to blend in, to keep a low profile) but at the same time you want the key escrow not to work, then pre-encryption is a superior strategy to Matt Blaze's idea. Matt's trick only hides the session key if both sides are using it. And even in that case it appears to require particular key manage- ment techniques that may not be standard (one side provides the session key, or it is negotiated but both sides wait 30 minutes to talk). So it does seem that some pre-arrangement will be necessary in practice to allow Blaze's approach to successfully hide the session key. It's true that the Blaze technique hides the unit id, preventing traffic analysis. But that could be a negative. Playing paranoid, suppose that Clipper traffic is routinely decrypted with the family key. Then the fact that someone is using bogus LEAF's might be evident because the unit id would change with each call. Using pre-encryption makes you look like a good little boy until they bring out the escrowed keys. (Of course, they're not supposed to troll LEAF's, any more than they're supposed to break escrow, but I'm assuming that the former will be easier and more likely than the latter.) Hal
Hal says:
It's not clear to me whether the same restrictions apply to the use of the Tessera plug-in card.
Well, they are planning on selling the things to all comers as an encryption standard for all sorts of applications, so there are limits on how restrictive they can be.
It sounds, from what was posted here, like Blaze was able to feed sample LEAF's at his card until it accepted one. Is that correct?
Yes.
If so, apparently users of such cards have access to low-level functions which would allow this kind of trick to be used.
Yes.
Unless there is some way to get a supply of Clipper chips to allow you to make Clipper-compatible phones which still protect privacy, then all this theorizing is not too useful.
Clipper, Capstone, Tessera, etc, are, to my knowledge, interoperable implementations of the EES. Perry
-----BEGIN PGP SIGNED MESSAGE----- Perry said:
Clipper, Capstone, Tessera, etc, are, to my knowledge, interoperable implementations of the EES.
MYK-78 (or Clipper, not to be confused with the C400 Clipper in my desktop machine) provides Skipjack encryption. Note that it does not include any type of key exchange; the equipment designer is in charge of that. Capstone provides Skipjack encryption, plus DSS and SHA-based signatures and D-H key exchange. The encryption is of course interoperable with MYK-78 units, but I would guess that a Capstone-based unit would need key-exchange code for each individual class of MYK-78 device. Tessera is Capstone packaged on a PCMCIA card for use with PCs and computers. NSA and DoD intend Tessera cards to be issued to individuals as authentication and encryption tokens. _Network World_ reported in February that the initial Tessera beta testing would include ~300 general officers from the US armed forces. Plus Matt Blaze :) - -Paul - -- Paul Robichaux, KD4JZG | Out the 10Base-T port, through the router, perobich@ingr.com | over the leased line, off the bridge, past Intergraph Federal Systems | the firewall... nothing but net. Of course I don't speak for Intergraph. -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLfM6Kafb4pLe9tolAQFc9QQAhAMrrfwkAG5VVB7jaLAgK8oFzx3zPYv5 PmJ3f2P8l6FaHUdohX2g8W6C+ZvMJ1m9Cw2YLg3+0gARVl1m3qTdvZaPV+vx+kwI DKI3CIS+7J+6D3tiJRCXmV/BLYjOPzLQf6m0wirgamu7BfxD1ctkhCQ3Nv9MNlqK JOM3V4Vcgpk= =nPlx -----END PGP SIGNATURE-----
participants (3)
-
Hal -
paul@poboy.b17c.ingr.com -
Perry E. Metzger