Forwarded messages from RISKS

Paul Ferguson fergp at sytex.com
Thu Apr 22 10:18:26 PDT 1993


Greets.
 
These two forwarded messages are from the RISKS Forum (14.51). I
thought some of you folks might be interested. (Padgett Peterson is
a fellow assembler buff who is better known on comp.virus.)
 
---- Forwarded Messages --------------------------
 
Date: Mon, 19 Apr 93 9:21:53 EDT [RISKS-14.51]
From: Clipper Chip Announcement <clipper at first.org>
Organization: FIRST, The Forum of Incident Response & Security Teams
Subject: Slide presented at White House briefing on Clipper Chip
 
Note:     The following material was handed out at a press briefing on the
          Clipper Chip on 4/16.
 
                              Chip Operation
 
                         Microchip
User's Message      +----------------------+
------------------> |                      |      1.  Message encrypted
                    | Encryption Algorithm |          with user's key
                    |                      |
                    | Serial #             |      2.  User's key encrypted
                    |                      |-->       with chip unique key
                    | Chip Unique Key      |
User's Encryption   |                      |      3.  Serial # encrypted
Key                 | Chip Family Key      |          with chip family key
------------------> |                      |
                    |                      |
                    +----------------------+
 
 
              For Law Enforcement to Read a Suspect's Message
 
1.  Need to obtain court authorized warrant to tap the suspect's
    telephone.
 
2.  Record encrypted message
 
3.  Use chip family key to decrypt chip serial number
 
4.  Take this serial number *and* court order to custodians 
    of disks A and B
 
5.  Add the A and B components for that serial number = the chip
    unique key for the suspect user
 
6.  Use this key to decrypt the user's message key for 
    this recorded message
 
7.  Finally, use this message key to decrypt the recorded message.
 
- ------------------------------
 
Date: Sat, 17 Apr 93 09:12:57 -0400 [RISKS-14.51]
From: padgett at tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: "Clipper Chip"
 
I suppose we should have expected something after all of the sound and
fury of the last few years. The announcement does not really give
enough information though.
 
My first thought involves conventional compromise: what happens if the 
keys are captured through theft *and you know about it* - how
difficult is it to change the keys ? What do you do between the time
the loss is detected and the time a new key set is approved. How
difficult is it to program the chip or do you need a new one ? (and
if the chip can be reprogrammed, how do you prevent covert changes
that will not be discovered until authorization to tap is received and
the agency finds  out that it cannot ?). Potentially this must occur
every time a trusted employee leaves.
 
For some time, I have been playing with dynamic access cards ("tokens")
as seeds for full session encryption rather than just for password
devices. Since the encryption requires three parts (PIN, challenge, and
token) which are only physically together at the secure system, and since
only the challenge passes on the net, and since once encryption starts
you have not only provided protection to the session, you have also
authenticated both ends simultaneously (by the fact that you can
communicate), it seems ideal. *And everything necessary already exists*.
From several US companies. It just has not been put together as a
commercial product (FUD at work 8*(.
 
Since key generation is on-the-fly at the onset of the session, obviously
what the gov needs is not the key but the "key to the key" (of course
computers, even a PC, are really good at this).
 
The real question is "Why a new chip ?"  The technology to do this has
been around for years and several DES chips are available commercially
today. The BCC laptop (I like Beaver better 8*) 007 provides this
internally today with (I believe) the LSI-Logic chip and
Enigma-Logic's PC-SAFE (plugs) does the same with software alone. As
indicated in the announcement, financial institutions have been using
encrypted transmissions for years without any great outcry.
 
IMHO the real hold-up has been $$$ - cheap error-correcting modem 
technology to prevent synch losses rather than a lack of good crypto 
algorithms. Today this is a done deal (actually we have known how to
keep in synch since the sixties but you couldn't buy 56kb for under
$300.00 at BizMart - now part of K-Mart ! - then).
 
True, there are a lot of questions yet to be answered, but again IMHO 
most center on the exception cases and not the encryption technology
itself.
 
Padgett
 
---- End Forwarded Messages --------------------------
 
Cheers.
 

Paul Ferguson                    |  Uncle Sam wants to read
Network Integration Consultant   |       your e-mail...
Centreville, Virginia USA        | Just say "NO" to the Clipper
fergp at sytex.com                  |          Chip...
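
The chip outputs and the seven-step recovery procedure on the forwarded slide, sketched as an added example that is not part of the original post or of any Clipper implementation. The cipher is a stand-in (an HMAC-SHA256 keystream), and the 10-byte key size, the XOR used to "add" the A and B components, and the serial value are assumptions made for illustration.

```python
import hashlib, hmac, secrets

KEY_LEN = 10  # assumed key size for this sketch; the slide gives none

def stand_in_cipher(key, data):
    """Stand-in symmetric cipher (not the chip's algorithm): XOR with an
    HMAC-SHA256 keystream, so the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(d ^ p for d, p in zip(data[i:i + 32], pad))
    return bytes(out)

def combine(a, b):
    # Assumption: "add the A and B components" is modelled as XOR.
    return bytes(x ^ y for x, y in zip(a, b))

def chip_transmit(message, session_key, serial, unique_key, family_key):
    """The three outputs listed on the slide."""
    return {
        "ciphertext": stand_in_cipher(session_key, message),       # 1
        "wrapped_key": stand_in_cipher(unique_key, session_key),   # 2
        "wrapped_serial": stand_in_cipher(family_key, serial),     # 3
    }

def lawful_read(recording, family_key, disk_a, disk_b):
    """Steps 3-7 of the slide's procedure, given a recorded transmission."""
    serial = stand_in_cipher(family_key, recording["wrapped_serial"])  # 3
    unique_key = combine(disk_a[serial], disk_b[serial])               # 4, 5
    session_key = stand_in_cipher(unique_key, recording["wrapped_key"])  # 6
    return serial, stand_in_cipher(session_key, recording["ciphertext"])  # 7

def demo():
    family_key = secrets.token_bytes(KEY_LEN)
    unique_key = secrets.token_bytes(KEY_LEN)
    serial = b"SERIAL-0001"                    # constructed sample value
    # Escrow: split the unique key into two components, one per custodian.
    part_a = secrets.token_bytes(KEY_LEN)
    disk_a = {serial: part_a}
    disk_b = {serial: combine(part_a, unique_key)}
    rec = chip_transmit(b"constructed sample message",
                        secrets.token_bytes(KEY_LEN), serial, unique_key, family_key)
    got_serial, plaintext = lawful_read(rec, family_key, disk_a, disk_b)
    # One custodian's component alone does not unwrap the session key.
    wrong_key = stand_in_cipher(disk_a[serial], rec["wrapped_key"])
    alone = stand_in_cipher(wrong_key, rec["ciphertext"])
    return got_serial, plaintext, alone

if __name__ == "__main__":
    print(demo())
```

Note that the family key alone already reveals which chip sent a recording, and that everything else rests on the two custodian disks staying separate.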





