A couple of interesting articles on Clipper/Capstone/Skipjack which were included in the latest CuD, for those who haven't already seen it... - paul 8<-------------------- cut here ------------------------------- Date: Wed, 30 Mar 1994 22:03:00 CST Sender: CU-DIGEST list <CUDIGEST@vmd.cso.uiuc.edu> From: "(Jim Thomas)" <TK0JUT2@NIU.BITNET> Subject: Cu Digest, #6.28 ---------------------------------------------------------------------- Date: Sun, 27 Mar 94 17:35:00 -0700 From: walter.scott@HOTLINE.COM(Walter Scott) Subject: File 1--Downs Down On Clipper The Clipper Chip proposal from the Clinton Administration -- which would essentially have government broker individual electronic privacy rights -- is collecting still more opposition. One of the most recent opponents to Clipper is media icon Hugh Downs. Downs is well known for his days as a co-host of the Today Show, host of the game show Concentration, and his current position as co-host of ABC-TV's 20/20. Downs is also a respected advocate for "mature" adults. Downs delivered his "perspective" as to Clipper on the 03-27-94 edition of ABC radio's "PERSPECTIVES." In Downs' segment, much cryptography history -- as it relates to radio -- was explained while Downs laid the foundation for expression of his opinion on Clipper. The following text is a direct transcript of Downs' summation: ------------- TRANSCRIPT BEGINS ------------------------ It's not designed to stop criminals from sending encrypted messages because criminals will always be able to do that. If the NATIONAL SECURITY AGENCY puts a spy chip on American computers, then the criminals will simply avoid the chip and use other computers that don't spy on them. But, it wouldn't be just criminals who would buy foreign made computers. Anyone who wants a private life would have to buy foreign, too. According to John Perry Barlow, who's co-founder and Vice-chair of the Electronic Frontier Foundation, Vice President Gore says he wants the Clipper Chip installed in all American-made computers designed for export. Now, you don't have to be a computer whiz to realize that -- if American computers were forced to have a spy chip built into them -- then fewer people would buy American computers. The computer owes an enormous debt to cryptologists because cryptologists needed machines to disguise radio messages. The information highway is certainly as wide open as radio. Indeed, much of it is already radio. Cellular phones and cellular FAX will quickly expand to cellular modem and satellite communications. As it is, most of this information goes out unprotected. The time has arrived for individuals to have high levels of security. The information superhighway will eventually contain every scrap of information we could possibly imagine. And that means there will be all sorts of unscrupulous people out there trying to hack into our lives. Information-highwaymen are bad enough when they're fourteen years old. But now, adults -- who work for the government -- want to play hacker, too. The Clipper spy chip is bad business for everyone. Information-highway-safety should be a top priority for all of us. ------------ TRANSCRIPT ENDS -------------------- The Hotline/Seattle ~ (206) 450-0948 ------------------------------ Date: Tue, 22 Mar 1994 15:47:00 GMT From: chris.hind@MAVERICKBBS.COM(Chris Hind) Subject: File 2--Reply to "Clipper Paranoia" (CuD #6.26) This is my reply to: shadow@VORTEX.ITHACA.NY.US(bruce edwards) Subject--Opposing Clipper is "paranoia" with good Reason (Cu Digest, #6.26)

Its existence will make no difference at all. The very smart ones may use PGP or something else, and again, clipper will be meaningless.

We could easily build it into the net, making it impossible for the government to stop us. Sound like a good plan?

Because it will probably prove constitutionally impossible to outlaw widespread private encryption -- something big brother finds hard to swallow -- the clipper/encryption push seems to me to be about another kettle of sharks.

Completely true, encryption cannot be outlawed. The government is ripping itself off by giving us powerful encryption for personal use. But for the dark personal secrets, are we really gonna use the clip chip? Not me! I'll use PGP or something else. Criminals aren't going to use the chip unless they're really ignorant or blatantly idiotic. So the government is really spending lots of money to making our lines more secure from illegal phone tappers and such but not doing a thing for them. I believe we're getting the better part of the deal! Do they really want to listen in on phone calls to our relatives? I don't think so. I promote the Clipper Chip! Thanks for the free gift! T> In my opinion (and this I am sure is obvious to most everyone) the

encryption, bugging-port, e-mail reading agenda pursued by government is no more than the first icy finger of the Empire, encircling the throat of cyberspace.

A little dramatic here? They might win the battle but they haven't won the war. The final battle will be when we establish a global Interactive Television system. Then it will pit the public against the US government and the allies it has in this dispute (if any). Nobody wants a video camera normally used for video conferencing to be watching them in their own living room without them even knowing it. By this time, people will know a lot more about this scheme and most likely the public will win this battle unless the majority of the population is as ignorant as a two year old child to the world around them. ------------------------------ Date: Wed, 30 Mar 94 13:24:38 PST From: dave@PCE1.HAC.COM(Dave Fandel) Subject: File 9--How Clipper Actually Works In all the anti-Clipper flaming that has been occuring I haven't seen anything about how Clipper actually works. I generated the following based on a lecture in a secure computer systems class I am taking. +---------------------------------------------------- Clipper Operations: Chip +----------------+ | | Message (M) -->| Algorithm (E) |--> Encrypted Message (B) = E [M] | Chip ID (ID) | K | Chip Key (U) | User Key (K) -->| Family Key (F) |--> Encrypted ID and Key (A) = | | E [ID | E [K]] +----------------+ F U Note: E [Q] means Encrypt Q with key R R +----------------------------------------------------------- The User Key is a session key that is generated by the two ends in the following manner: Side A Side B Generate a, X Generate Y a, X and Y are random # Send a and a^X ------> Receive a and a^X <------ Send a^Y Receive a^Y Generate K=(a^Y)^X Generate K=(a^X)^Y ie key K=a^(XY) So a, a^X, and a^Y can all be intercepted without giving away key. +---------------------------------------------------------------- So where does the government and the Key Escrow come into it? Note the 2nd output from the clipper chip - it is the ID of the chip and an encrypted version of the session key. The government will know the family key and can extract the ID. Then they go to the two escrow agencies (NIST and the Treasury Dept.) and get the two components of the chip key U. This allows the session key to be extracted and the message to be decrypted. Agency 1: ID and U(A) U(A) --+ OR --> U Agency 2: ID and U(B) U(B) --+ +------------------------------------------------------ General comments: 1. The Algorithm for the clipper chip is an NSA Type II algorithm called Skipjack. Type II is for unclassified, but sensitive. 2. If you could reprogram the Chip Key (U) or block the transmission of the encrypted ID and key this concept wouldn't be to bad. 3. The other point of vulnerability is at the manufacturing location where the Chip Key is originally generated. All 3 pieces of info (ID, U(A), and U(B)) have to be in the same place to generate the key. Dave Fandel dave@pce2.hac.com 3/30/94 If there is anything incorrect in this document please let me know. ------------------------------ 8<--------------------------- cut here ------------------------------ Cheers, _______________________________________________________________________________ Paul Ferguson US Sprint Enterprise Internet Engineering tel: 703.904.2437 Herndon, Virginia USA internet: paul@hawk.sprintmrn.com