[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
comments on the clipper
Going through all the messages on the Clipper, I noticed what may be
a flaw that wasn't quite addressed...
The family key, which is the same for all devices, is hardwired onto
the chip with the algorithm. However, the device serial number and
the unit key must be burned into a ROM. This is somewhat like the
EIN/MIN burned into the ROM of a cellular phone. Just ask anyone who
is familiar with cellular fraud how difficult it is to change the
EIN/MIN of the phone. So it should be more than possible for anyone
to throw a wrench into the system by using hacked phones that have a
random device serial number. In this way it would not be possible
for authorities to obtain the proper unit key since the device serial
number would not exist in the escrow authority's database or would
have the incorrect unit key associated with it.
Of course, it is possible that the scheme (i.e. the algorithm and the
handshaking) is not secure. Assuming it is not truly secure, I would
think that only such agencies as the NSA and FBI would have not only
the resources to decrypt Clipper generated communications without the
session key, but the resources to keep such equipment from public
knowledge (i.e. there is a companion device that breaks such
communications). It would most likely be too difficult to keep such
equipment secret if it were available to local and state authorities.
Furthermore, the whole idea of escrow agents is hogwash to me. How
difficult is it to get someone's credit report? How difficult is it
to get social security records on a person? Apparently no
information held by a government or even private agency like TRW is
impossible or even exceedingly difficult to obtain, and anyone
wishing to intercept your communications will simply have to buy off
the appropriate persons at each escrow authority.
To sum up, I think the whole idea stinks.
andrew