[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject



Since I haven't seen this article float through the list,
I hope John doesn't mind it being reposted.


From: [email protected] (John Gilmore)
Newsgroups: alt.politics.org.nsa,comp.org.eff.talk
Subject: Why is clipper worse than "no encryption like we have today"?
Date: 27 Apr 94 08:50:17 GMT
Organization: Cygnus Support, Mt. View, California

Mike Tighe <[email protected]> wrote:
> But the NSA is not going to control the keys, are they? I thought it was
> going to be under the control of two independent agencies. And even if they
> are leaked, how is that worse then the system we have today, where no keys
> are required?

It's worse because the market keeps moving toward providing real
encryption.

If Clipper succeeds, it will be by displacing real secure encryption.
If real secure encryption makes it into mass market communications
products, Clipper will have failed.  The whole point is not to get a
few Clippers used by cops; the point is to make it a worldwide
standard, rather than having 3-key triple-DES with RSA and Diffie-Hellman
become the worldwide standard.

We'd have decent encryption in digital cellular phones *now*, except
for the active intervention of Jerry Rainville of NSA, who `hosted' a
meeting of the standards committee inside Ft. Meade, lied to them about
export control to keep committee documents limited to a small group,
and got a willing dupe from Motorola, Louis Finkelstein, to propose an
encryption scheme a child could break.  The IS-54 standard for digital
cellular doesn't describe the encryption scheme -- it's described in a
separate document, which ordinary people can't get, even though it's
part of the official accredited standard.  (Guess who accredits standards
bodies though -- that's right, the once pure NIST.)

The reason it's secret is because it's so obviously weak.  The system
generates a 160-bit "key" and then simply XORs it against each block of
the compressed speech.  Take any ten or twenty blocks and recover the
key by XORing frequent speech patterns (like silence, or the letter
"A") against pieces of the blocks to produce guesses at the key.  You
try each guess on a few blocks, and the likelihood of producing
something that decodes like speech in all the blocks is small enough
that you'll know when your guess is the real key.

NSA is continuing to muck around in the Digital Cellular standards
committee (TR 45.3) this year too.  I encourage anyone who's interested
to join the committee, perhaps as an observer.  Contact the
Telecommunications Industry Association in DC and sign up.  Like any
standards committee, it's open to the public and meets in various
places around the country.  I'll lend you a lawyer if you're a foreign
national, since the committee may still believe that they must exclude
foreign nationals from public discussions of cryptography.  Somehow the
crypto conferences have no trouble with this; I think it's called the
First Amendment.  NSA knows the law here -- indeed it enforces it via
the State Dept -- but lied to the committee.
-- 
John Gilmore                [email protected]  --  [email protected]  --  [email protected]
Can we talk in private?        Join me in the Electronic Frontier Foundation.
Not if the FBI and NSA have their way.            Ask [email protected] how.