[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sterilized Medflies of Crypto

Carl Ellison writes:
> It hit me yesterday that if the FBI succeeds in getting the Clipper chip as
> the de facto hardware standard for encryption, it will be like the effort
> to fight the Medfly infestation by releasing sterilized flies: a world full
> of worthless encryption chips -- ones we'd never be able to use ourselves
> or export, but with chips occupying the sites labeled "encryption chips go
> here".
> Meanwhile, notice how the FBI & Co. chose to milk the accusaiton that if
> the algorithm is secret, it might have a back door?  ...ignoring the
> obvious security weakness in the registration itself?  I have heard nothing
> about the registration plan -- probably never will.  It's too easy for them
> to fight over security of algorithms.

The whole argument over whether or not the algorithm is secure is a wild
goose chase designed by the NSA.  Yes, it's a fucking ploy in case anyone
hasn't realized it.  They can bring in D. Denning and a dozen other
"cryptographic experts" to analyze the algorithm and say "We find this
algorithm to be free of backdoors." *FIRST*, any hacker worth his weight
in mud knows that an algorithmic backdoor is several hundred orders of
magnitude harder to unearth than it is to create/bury in an algorithm.  If
Denning and the others say the algorithm is good, that doesn't mean that a
backdoor doesn't exist, only that they haven't found it. *SECONDLY*, let
us give the NSA and FBI the benefit of the doubt, and assume that there is
no back door in the _algorithm_. HOWEVER, there is no way for us to know
if a backdoor in the _chip_ will be designed onto the production IC mask,
one that can disable the algorithm by remote control (a secret 64-bit code
sent down the phone line to your phone telling it to turn your Skipjack
chip off).  Remote control of the chip is but one method of building a
backdoor into the chip that has nothing to do with the algorithm, and of
course there are hundreds of others.  Is Denning and the crew authorized
to inspect the chip fabrication IC masks that will be used for
manufacturing the _actual_ chips?  Assuming they are allowed to inspect
the hardware design (I'm sure this will be the second wild goose chase to
prove to the American public that the chip is secure), the NSA/FBI can
just as easily show the "experts" the IC mask of a chip without the
hardware backdoor, and then tell the manufacturers produce chips with the
hardware backdoor. 

I hope that the press is aware of the above and are not buying into the
government's bullshit and wild goose chases designed to prove something
secure which inherently cannot be proved secure simply because it is
manufactured in secret.  I have not seen this idea mentioned in the press
so I assume they are unaware of how many low down tricks the NSA is
willing to stoop to in order to get this chip to be trusted by the
American public.