I think it is interesting how the Law Enforcement Exploitation Field has been renamed LEAF. Good P.R. move NIST! I'm personally not motivated to believe that Skipjack is a flawed algorithm, but at the same time I do not consider it tested until it has stood up to peer-reviewed public analysis. I am very concerned about the key-exchange system. As far as I can see, we still don't know exactly what it is, and whether that is safe. Public key systems are much more difficult to design securely than private key systems. The key exchange has to be secure from eavesdroppers and also proof against "man-in-the-middle" attacks. Furthermore, there is the traffic-analysis problem. Everything I have read so far has indicated there will be a single system key which will encrypt Clipper serial numbers. A trivial phone tap with someone armed with the system key could result in massive traffic-analysis, and the government could do this simply because they have the system key, the Mafia will follow soon. I think a good avenue of attack right now is to politically attack the key-escrow parts of Clipper, and get Skipjack as a published private-key standard. Write your congresscritters. -Thomas
participants (1)
-
technopagan priest