Re: Black Eye for NSA, NIST, and Denning
[email protected] (Thaddeus Beier)
>DEADBEAT sez
>>> and importance of Blaze's result for what it is: minuscule.
[with which thad disagrees:]
>Blaze's result destroys the current justification...
Both exaggerate, me thinks.
1) Dr. Blaze blasts out of the water any justification for faith in
the competence/honesty of the NSA in this matter. This is a real
basic, easy to explain to the corner barber, case of the NSA being
caught with its pants down. It was a serious technical flub for them
to leave something "this easy"* in the PCMCIA version of Clipper.
* "this easy" is compared to the billions-and-billions of years good
crypto systems are supposed to hold up, it is not a dig on Dr. Blaze
who knows one hell of a lot more about this than do I.
2) We might be net-geeks, but Normal People--even crooks--still use
the phone. It is not at all clear to me that the Blaze LEAF Spoof
(BLS?) is something which will easily retrofit to a Clipper *phone*.
First, is it theoretically possible to do his spoof in the key
exchange of a telephone call? Second, is it possible to do it quickly
enough that the other phone doesn't get suspicious--i.e., time out?
Third, is the needed spoofing hardware something tiny which I will be
able to find at Circuit City for $30, which I can trivially plug into
my phone as I walk out the door? If not, the practical result is that
nearly no one will foil the phone tapping.
-kb, the mild-mannered Kent who just realized that: "Now I *am* in the
NSA's files. Even the NSA on a stupid isn't dumb enough to not
archive this list."
P.S. Seeing as how the NSA already has cypherpunks archived, maybe we
could talk them into letting us have access to their files--not
everything, just the stuff we wrote. FoIA request maybe?
--
Kent Borg +1 (617) 776-6899
[email protected]
[email protected]
Proud to claim 28:15 hours of TV viewing so far in 1994!