your mail

Erich von Hollander erich at soda.Berkeley.EDU
Thu Apr 28 03:16:08 PDT 1994 


> I had the dubious pleasure of meeting Baker in person a year ago
> during a CPSR-sponsored conference in DC. I had argued vigorously with
> him during a break before I realized that he was NSA's general
> counsel; afterwards, I realized that if I didn't have a file with them
> before, I certainly would later. :-)
> 
> I argued that the bad guys would have strong cryptography no matter
> what laws were passed, so we might as well make sure the good guys
> could have it too. His retort, repeated quite a few times, was, "So,
> your attitude toward the government is "Fuck 'em if they can't take a
> joke?" It wasn't exactly a reasoned, logical debate.

maybe he's a subgenius.  [note to whichever nsa employee is reading
this: check out the book of the subgenius for more info on this.  it's
really good reading, anyway.]

about the bad guys getting strong crypto:

let's review the des story for a moment, keeping in mind that clipper
in the 90s may be a repeat of des in the 70s:

des came out of the lucifer project at ibm in the early 70s and was
adopted as a standard in 1976.  at the time it was published, the
design criteria of the s-boxes were classified, and this worried many
people.  everyone suspected that the nsa had hidden a backdoor of some
kind in the s-boxes.  the truth behind the s-boxes finally came out in
1990 when biham and shamir published the idea of differential
cryptanalysis.  it turns out that the design of the s-boxes is
optimized against differential cryptanalysis and also that the 16
rounds were chosen specifically to defeat differential cryptanalysis.
ibm researchers and the nsa knew about that in the early 70s.

so the nsa did two things: they made sure that des was safe against
differential cryptanalysis, in case some other entity had also
discovered it, and also they classified the criteria of the design, to
make sure that the public wouldn't find out about differential
cryptanalysis.  the nsa came out looking bad, but in retrospect, both
of these actions really were for the benefit cryptography users.

of course the 56 bit key size is more suspicious now than ever, and i
would be very surprised if a des breaking machine didn't exist
somewhere in the world.

could clipper be the repeat of this story?  on the surface, it all
looks pretty suspicious, and maybe the character of the nsa has
changed since the 70s, but we can't dismiss the possibility that it
really is somehow in our own best interests.  remember, they know more
about cryptography than any other group anywhere in the world.

e

More information about the cypherpunks-legacy mailing list