[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Mitch on the Clipper Mailing list
I had asked Mitch to repost any communications that
have gone over this list. He has.
I appreciate his willing to clear up this issue.
As I have stated before, I believe him, that NIST simply
created this list of people they wanted to be in direct
contact with.
/harry
a conscious being, Mitchell Kapor wrote:
> From [email protected] Sun Apr 18 00:58:00 1993
> Message-Id: <[email protected]>
> Date: Sun, 18 Apr 1993 08:58:00 -0800
> To: [email protected]
> From: Mitchell Kapor <[email protected]>
> Subject: Re: The mysterious mailing list
>
> I received the statement of the Press Secretary and the public fact sheet
> from Ed Roback. I have not repoduced the full text as it is readily
> available elsewhere.
>
> Following this is a thread between Gerano Cannoni and Martin Hellman. I
> have deleted the text of Marty's longest response, as it is being
> circulated elsewhere.
> Last, there is a single message from A. Pagett Patterson.
> And that's it (assuming I haven't missed something in reviewing my
mail stream).
> Feel free to re-post this, put in on an FTP, whatever. I don't have any
> more time to deal with this issue.
>
> Date: Fri, 16 Apr 93 11:02:59 EDT
> From: Ed Roback <[email protected]>
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Fri, 16 Apr 93 11:02:59 EDT
> To: [email protected]
> Subject: text of White House announcement and Q&As on clipper chip encryption
>
> Note: This file will also be available via anonymous file
> transfer from csrc.ncsl.nist.gov in directory /pub/nistnews and
> via the NIST Computer Security BBS at 301-948-5717.
> ---------------------------------------------------
>
> THE WHITE HOUSE
>
> Office of the Press Secretary
>
> _________________________________________________________________
>
> For Immediate Release April 16, 1993
>
>
> STATEMENT BY THE PRESS SECRETARY
>
>
> The President today announced a new initiative that will bring
> the Federal Government together with industry in a voluntary
> program to improve the security and privacy of telephone
> communications while meeting the legitimate needs of law
> enforcement.
> ...
>
> Date: Fri, 16 Apr 93 16:44:10 EDT
> From: Ed Roback <[email protected]>
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Fri, 16 Apr 93 16:44:10 EDT
> To: [email protected]
> Subject: White House Public Encryption Management Fact Sheet
>
>
>
> Note: The following was released by the White House today in
> conjunction with the announcement of the Clipper Chip
> encryption technology.
>
> FACT SHEET
>
> PUBLIC ENCRYPTION MANAGEMENT
>
> The President has approved a directive on "Public Encryption
> Management." The directive provides for the following:
> ...
>
> Posted-Date: Sat, 17 Apr 93 01:26:06 +0200
> From: [email protected] (Germano Caronni)
> Date: Sat, 17 Apr 93 01:26:06 +0200
> To: [email protected]
> Subject: Clipper-Chip Escrow-System Flaws
> Newsgroups:
> alt.privacy,sci.crypt,alt.security,comp.security.misc,comp.org.eff.talk
> Organization: Swiss Federal Institute of Technology (ETH), Zurich, CH
> Cc:
>
>
> Good day,
> as a non-citizien of USA I have read your announcment of the
> 'Clipper-Chip' with great interest, and am happy to see a increase
> in lawful privacy in the USA. I hope this policy will extend to
> other countries too.
> In the meantime I suspect two flaws in the 'Clipper-Chip' as it was
> announced today via NIST/electronic media.
>
> 1) Keeping secret the algorithm which performs encryption is in my
> humble opinion a bad idea. It hinders 'Clipper' to get publicly
> accepted, and hinders the minute examination of the Clipper-
> Algorithm by other then a few experts.
> But I am sure this was well considered.
>
> Now the important suggestion :=)
>
> 2) By splitting the 80-Bit-Key of clipper in two parts, and give
> them to different organizations, you add an uneeded WEAKNESS
> to the escrow-system. This way, corruption of one escrow will
> allow an easier attack on the Key than might be possible.
> (e.g. if I obtain 40 bits of possible 80 bits keys, exhaustive
> keysearch is definitively no problem.)
> You might instead generate 2 (or even more, if this ist not
> politically indesired) 80-Bit-Sequences which, when XOR-ed
> together will provide the original, needed key, but alone they
> are worthless. I am sure persons with knowledge in this area, which
> surely can be found at NIST (or wherever) will agree.
>
> I hope that this remark is of interest for you.
>
> Friendly greetings,
>
> Germano Caronni
>
>
> P.S.
> I am sure you have remarked, that the current policy is interpretable
> to tend toward an abolition of 'unbreakable' secure communication
> via electronic Media, and hope that this will _not_ come true.
>
> Disclaimer: This mail is in now way whatsoever connected to the Swiss
> Federal Inst. of Technology, but expresses my personal thoughts.
>
>
>
>
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Fri, 16 Apr 93 22:32:14 PDT
> Date: Fri, 16 Apr 93 22:32:14 PDT
> From: "Martin Hellman" <[email protected]>
> To: [email protected], [email protected]
> Subject: Re: Clipper-Chip Escrow-System Flaws
>
> I received your message suggesting:
>
> 2) By splitting the 80-Bit-Key of clipper in two parts, and give
> them to different organizations, you add an uneeded WEAKNESS
> to the escrow-system. This way, corruption of one escrow will
> allow an easier attack on the Key than might be possible.
> (e.g. if I obtain 40 bits of possible 80 bits keys, exhaustive
> keysearch is definitively no problem.)
> You might instead generate 2 (or even more, if this ist not
> politically indesired) 80-Bit-Sequences which, when XOR-ed
> together will provide the original, needed key, but alone they
> are worthless.
>
> In a conversation with NSA today, I was told
> that two random 80-bit numbers will be XORed to produce
> the 80-bit key and the two individual numbers kept by
> two separate escrow authorities -- who they are is
> to be decided. So your suggestion is, in fact, how it
> will be handled.
>
> martin hellman
>
> Disclaimer: this in no way should be interpreted to mean
> that I approve of the Clipper Chip. While I am still in the
> process of learning more about it, my immediate reaction
> was not positive. More later.
>
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Sat, 17 Apr 93 23:05:23 PDT
> Date: Sat, 17 Apr 93 23:05:23 PDT
> From: "Martin Hellman" <[email protected]>
> To: [email protected]...
> Subject: Clipper Chip
>
>
> Most of you have seen the announcement in Friday's NY Times,
> etc. about NIST (National Institute of Standards & Technology)
> announcing the "Clipper Chip" crypto device. Several messges
> on the net have asked for more technical details, and some have
> been laboring under understandable misunderstandings given
> the lack of details in the news articles. So here to help out
> is your friendly NSA link: me. I was somewhat surprised Friday
> to get a call from the Agency which supplied many of the missing
> details. I was told the info was public, so here it is (the cc of this
> to Dennis Branstad at NIST is mostly as a double check on my
> facts since I assume he is aware of all this; please let me know
> if I have anything wrong):
>
> ...
>
>
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Sat, 17 Apr 93 08:55:31 -0400
> Date: Sat, 17 Apr 93 08:55:31 -0400
> From: [email protected] (A. Padgett Peterson)
> To: "[email protected]"@uvs1.dnet.mmc.com
> Subject: Panel
>
> I would like to be considered for the "outside panel" assessing the
> Clipper Technology.
> A. Padgett Peterson, P.E.
>
>
>
--
Harry Shapiro [email protected]
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991