[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Clipper == _chosen_ plaintext attack on cypherpunks?
- To: [email protected]
- Subject: Clipper == _chosen_ plaintext attack on cypherpunks?
- From: Anonymous <[email protected]>
- Date: Tue, 19 Apr 1994 02:43:48 -0400
- Comments: This message was automatically remailed by an anonymous contact service. Direct replies to this message will be non-anonymously forwarded to the original sender. For anonymous replies, use the mg5n+an... format. For more information, send mail to [email protected] Please report problems to [email protected]
- Sender: [email protected]
In <[email protected]>, SINCLAIR DOUGLAS N
<[email protected]> wrote, in reply to Bill Stewart:
> > The proposed standards I've seen on the net say you can't encrypt
> > *after* using Clipper, because that makes Clipper key-theft useless.
> > On the other hand, encryption with real systems before encrypting with
> > Clipper is undetectable until after they decrypt the Clipper, so it's
> > hard to enforce except on people who are already suspects,
> > and is unlikely to be convenient to implement (for interoperability)
> > on some of the major Clipper targets, like cellphones and fax machines.
>
> Makes sense, doesn't it? When the whitehouse guy said that encryption
> below clipper was legal but not above, we thought he was confused. However,
> we ACKed it with an NSA employee, and he confirmed it. His reasoning went
> like this: encryption below clipper can't be stopped, since one can just
> splice a cryptdec into the phone line. Encryption on top of clipper is
> impossible since the clipper phone will only accept audio input. No
> word on how that would effect clipper modems.
This explanation struck me as phony. No NSA employee would be so naive as
to actually believe that "Encryption on top of clipper is impossible
since the clipper phone will only accept audio input" and clearly the NSA
had thought about how easy it would be to "splice a cryptdec".
Then it struck me what Clipper/LEAF really does, it provides plaintext
for a _chosen_ plaintext attack on other cryptosystems.
Most of us tend to ignore chosen-plaintext attacks as being too impractical.
How would we ever be able to get the adversary to send lots of plaintext
of our (not his) chosing, we wonder.
Now suppose that No Such Agency is really years ahead of the rest of the
world in exploiting chosen plaintext to break all kinds of stuff, including
(say) DES. They've unleashed DES upon the world, and now they're sort of
regretting it. If only they could get us crypto-weenies ^H^H^H^H^H^H^H^H^H
cypherpunks to send a few thousand choice pieces of chosen plaintext.
Hmmmm. How could they do that?
Final question: Am I the last person on this list to have thought of this,
(namely, clipper as a chosen plaintext attack on other cryptosystems)?