[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
I think it is interesting how the Law Enforcement Exploitation Field
has been renamed LEAF. Good P.R. move NIST!
I'm personally not motivated to believe that Skipjack is a flawed
algorithm, but at the same time I do not consider it tested until
it has stood up to peer-reviewed public analysis.
I am very concerned about the key-exchange system. As far as I can
see, we still don't know exactly what it is, and whether that is safe.
Public key systems are much more difficult to design securely than
private key systems. The key exchange has to be secure from
eavesdroppers and also proof against "man-in-the-middle" attacks.
Furthermore, there is the traffic-analysis problem. Everything I have
read so far has indicated there will be a single system key which will
encrypt Clipper serial numbers. A trivial phone tap with someone
armed with the system key could result in massive traffic-analysis,
and the government could do this simply because they have the
system key, the Mafia will follow soon.
I think a good avenue of attack right now is to politically attack
the key-escrow parts of Clipper, and get Skipjack as a published
private-key standard. Write your congresscritters.