White House Encryption idea

Peter Meyer meyer at mcc.com
Fri Apr 16 19:42:56 PDT 1993


    Date: Fri, 16 Apr 1993 15:13 CDT
    From: treason at gnu.ai.mit.edu

    Well, this all sounds fine and dandy, but...

    1)  They are not passing out the algorithym, and I dont trust ANYONE to tell
    me its secure.  ...

    4) No explanation of what the 'key' contents are composed of (numbers, letters,
    alphanum, characters, some odd cyphercode???) is even implied.

    5)  No explanation of how the key is propegated or if it will even be needed
    for the remote site is mentioned.  How are the remote sites going to
    decypher your cyphersounds(text)?

    There was no mention of further releases in information...is this all we get?

    treason at gnu 

Question (5) is particularly acute.  Offhand I can think of two ways the
remote site might decrypt the message:

1.  If the two phones can talk to each other then the originator phone
might ask the receiver phone for its public key (as in public key
cryptography) and then use this to encrypt the message.  (The receiver
phone then decrypts with its private key.)  But since the encryption is
occurring in real time, this is probably not feasible unless short keys
are used.

2.  The originator phone might simply send the encryption key down the
line, perhaps itself encrypted or disguised in some way.  If so then it
might not be too hard to discover the key.  In this case all security
lies in ignorance of the encryption algorithm used (violating crypto-
logical principles).  It probably wouldn't be too long (at most a year
or so) before someone figures out what the algorithm is, in which case
all security is compromised.  However, security in particular cases is
relative to the expertise of the attacker, so it might still be the case
that one's neighbors and business competitors could not decrypt the
message, even if XYZ Security Consultants could.

-- Peter Meyer







More information about the cypherpunks-legacy mailing list