As promised, I spoke today with the company mentioned in a Washington Times article about the Clipper chip announcement. The name of the company is Secure Communicatiions Technology (Information will be given at the end of this message on how to contact them). Basically they are disturbed about the announcement for many reasons that we are. More specifically however, Mr. Bryen of Secure Communications brought to light many points that might interest most of the readers. His belief is that AT&T was made known of the clipper well before the rest of the industry. This is for several reasons, several of which are: - A company of AT&T's size could never be able to make a decision to use the new chip on the SAME DAY it was announced. - Months ago they proposed using their own chip for AT&T's secure telephone devices. AT&T basically blew them off as being not interested at all. This stuck them as strange, until now... Also I spoke with Art Melnick, their cryptographer, he expressed several concerns over the new Clipper Chip: - The obvious backdoor will be able to let many people decrypt the code. - Once the key is released to authorities the security of the crypto system is lost forever. These keys can end up in the hands of any agency of the government. - The fact that the escrowed keys never change means that the algorithm is vulnerable over time to an attacker. - The classified algorithm may hide another backdoor. But he feels that it is probably to keep people from forging fake serial numbers, or changing the keys themselves. - Additionally he feels that the NSA has probably spent enough time and money in working on a way to keep this chip from being reversed engineered, that he feels that reverse engineering it will be very difficult to do. He feels that they have developed a suitable technique to protect the chip from this attack. Also he feels that the chip is hardware encoded with the algorithm and not microcoded onto the chip. Additonally I spoke with Mr. Melnick about their algorithm. He couldn't tell me much about their new agorithm because it hasn't been patented yet. However he told me a little: - The algorithm will be released for public review after patents have been granted for it. This is so the crypto community can see that it is secure. - The algorithm is called NEA for New Encryption Algorithm. The details were sketchy because now it is held as a trade secret until the patent was issued, but I was told that it will incorporate the following: - It will have fast encryption of data (Exact specs not given, but Mr. Melnick stated "Much faster than what an RS-232 can put out.") - It is a symmetric cipher, just like IDEA and DES. - It will use 64 bit data blocks for encryption (like DES and IDEA). - The key length was not given to me, but Mr. Melnick states that it is _adujustable_ and is "More than adequate for security." - The algorithm is written in C and Assembler in software form, and can be ported to many platforms (Unlike the the Clipper Chip which is hardware ONLY and cannot be made into software) This I consider a definite plus for the NEA for widespread use. - The algorithm will accomodate public key distribution techniques such as RSA or Diffie-Hellman. This will also be supported in the hardware chip. - Right now the projected cost of the NEA chip will be about 10 dollars for each!! (Clipper will run 25 each chip [that is if it is produced enough, which probably won't happen]). - They currently sell a program called C-COM that uses the algorithm and a special streaming protocol that does not divide the encrypted data into "blocks." This could prevent plaintext attacks if you know what the block header is. This program operates at all supported RS-232 speeds and uses the software implementation of the algorithm. - Most importantly: IT DOES NOT HAVE A BACKDOOR!! Right now the company is afraid that the new clipper chip will put them out of business. This is a very real possibility. So they really need help in stopping the clipper chip from becoming a standard. If you want to contact them, they can be reached at.. Secure Communications Technology 8700 Georgia Ave. Suite 302 Silver Spring, MD (301) 588-2200 I talked to Mr. Bryen who represents the company. He can answer any questions you have. ============================================================================= /// | psionic@wam.umd.edu | Fight the WIRETAP CHIP!! Ask me how! __ /// C= | -Craig H. Rowland- | \\\/// Amiga| PGP Key Available | "Those who would give up liberty for \/// 1200 | by request. | security deserve neither." =============================================================================
"Haywood J. Blowme" says: [Lots about some J. Random Companies encryption chip] All fine and well, but since we have IDEA already, why should we want it? For virtually all applicatons these days other than fully encrypting network traffic, software is fine. DES implementations in software can handle 1.5 Mbit/s on reasonable machines. Beyond that, if we need hardware, why not use one of the currently publically known algorithms like DES or IDEA, or a combination of them? Why use some other companies algorithm? Perry
Date: Thu, 22 Apr 1993 15:07 CDT From: "Perry E. Metzger" <pmetzger@lehman.com> "Haywood J. Blowme" says: [Lots about some J. Random Companies encryption chip] All fine and well, but since we have IDEA already, why should we want it? For virtually all applicatons these days other than fully encrypting network traffic, software is fine. DES implementations in software can handle 1.5 Mbit/s on reasonable machines. Beyond that, if we need hardware, why not use one of the currently publically known algorithms like DES or IDEA, or a combination of them? Why use some other companies algorithm? Perry Even when using encryption software there may be reasons to use something other than DES. One possible reason (apart from doubts about whether NSA can break DES in one or more of its modes) is that, although the security and speed of an encryption algorithm is of central importance, the quality of the user-interface is also important. For example, if you want to encrypt/decrypt thirty files in five different subdirectories twice a day, and do it in an office with your colleagues looking over your shoulder, you won't want to be using software that encrypts only one file at a time and also displays the encryption key as you type it in (though you might like to have the key echoed when no-one else is about). There are lots of other things to be considered besides the algorithm itself when designing good encryption software, e.g. if someone accidentally yanks out the power cord to the computer during decryption do you kiss goodbye to the data? -- Peter Meyer
Date: Thu, 22 Apr 1993 15:46-0500 From: Peter Meyer <meyer@mcc.com>
Date: Thu, 22 Apr 1993 15:07 CDT From: "Perry E. Metzger" <pmetzger@lehman.com>
"Haywood J. Blowme" says: [Lots about some J. Random Companies encryption chip]
All fine and well, but since we have IDEA already, why should we want it? For virtually all applicatons these days other than fully encrypting network traffic, software is fine. DES implementations in software can handle 1.5 Mbit/s on reasonable machines. [...]
[...]
There are lots of other things to be considered besides the algorithm itself when designing good encryption software, e.g. if someone accidentally yanks out the power cord to the computer during decryption do you kiss goodbye to the data?
Well, what if I need to the capability of doing 5-10 Mbyte/s? I am still haisng out a few design details of a "secure" BSD using encryption of the filesystem before I hit the code and right now this particular issue is one that I have still not worked out. I need it in hardware. Software is just not fast enough and I a not sure how much work it will require to get a DES card to do E(K1,D(K2,E(K1,x))) if I want to use 128 bit keys. Does anyone know if there is a hardware implementation of IDEA or another algorithm of suitable cryptographic strength available in a card or chip? Then again, maybe I could use a clipper chip... (big ;-) jim
participants (4)
-
Haywood J. Blowme
-
mccoy@ccwf.cc.utexas.edu
-
Perry E. Metzger
-
Peter Meyer