[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Clipper/Capstone/Skipjack excerpts from Cud 6.28
A couple of interesting articles on Clipper/Capstone/Skipjack which
were included in the latest CuD, for those who haven't already
seen it...
- paul
8<-------------------- cut here -------------------------------
Date: Wed, 30 Mar 1994 22:03:00 CST
Sender: CU-DIGEST list <[email protected]>
From: "(Jim Thomas)" <[email protected]>
Subject: Cu Digest, #6.28
----------------------------------------------------------------------
Date: Sun, 27 Mar 94 17:35:00 -0700
From: [email protected](Walter Scott)
Subject: File 1--Downs Down On Clipper
The Clipper Chip proposal from the Clinton Administration --
which would essentially have government broker individual electronic
privacy rights -- is collecting still more opposition. One of the most
recent opponents to Clipper is media icon Hugh Downs. Downs is well
known for his days as a co-host of the Today Show, host of the game
show Concentration, and his current position as co-host of ABC-TV's
20/20. Downs is also a respected advocate for "mature" adults. Downs
delivered his "perspective" as to Clipper on the 03-27-94 edition of
ABC radio's "PERSPECTIVES." In Downs' segment, much cryptography
history -- as it relates to radio -- was explained while Downs laid
the foundation for expression of his opinion on Clipper. The
following text is a direct transcript of Downs' summation:
------------- TRANSCRIPT BEGINS ------------------------
It's not designed to stop criminals from sending encrypted messages
because criminals will always be able to do that. If the NATIONAL
SECURITY AGENCY puts a spy chip on American computers, then the
criminals will simply avoid the chip and use other computers that
don't spy on them. But, it wouldn't be just criminals who would buy
foreign made computers. Anyone who wants a private life would have to
buy foreign, too. According to John Perry Barlow, who's co-founder and
Vice-chair of the Electronic Frontier Foundation, Vice President Gore
says he wants the Clipper Chip installed in all American-made
computers designed for export. Now, you don't have to be a computer
whiz to realize that -- if American computers were forced to have a
spy chip built into them -- then fewer people would buy American
computers.
The computer owes an enormous debt to cryptologists because
cryptologists needed machines to disguise radio messages. The
information highway is certainly as wide open as radio. Indeed, much
of it is already radio. Cellular phones and cellular FAX will quickly
expand to cellular modem and satellite communications. As it is, most
of this information goes out unprotected. The time has arrived for
individuals to have high levels of security. The information
superhighway will eventually contain every scrap of information we
could possibly imagine. And that means there will be all sorts of
unscrupulous people out there trying to hack into our lives.
Information-highwaymen are bad enough when they're fourteen years old.
But now, adults -- who work for the government -- want to play hacker,
too. The Clipper spy chip is bad business for everyone.
Information-highway-safety should be a top priority for all of us.
------------ TRANSCRIPT ENDS --------------------
The Hotline/Seattle ~ (206) 450-0948
------------------------------
Date: Tue, 22 Mar 1994 15:47:00 GMT
From: [email protected](Chris Hind)
Subject: File 2--Reply to "Clipper Paranoia" (CuD #6.26)
This is my reply to: [email protected](bruce edwards)
Subject--Opposing Clipper is "paranoia" with good Reason (Cu Digest,
#6.26)
>Its existence will make no difference at all. The very smart ones
>may use PGP or something else, and again, clipper will be meaningless.
We could easily build it into the net, making it impossible for the
government to stop us. Sound like a good plan?
>Because it will probably prove constitutionally impossible
>to outlaw widespread private encryption -- something big brother finds
>hard to swallow -- the clipper/encryption push seems to me to be about
>another kettle of sharks.
Completely true, encryption cannot be outlawed. The government is
ripping itself off by giving us powerful encryption for personal use.
But for the dark personal secrets, are we really gonna use the clip
chip? Not me! I'll use PGP or something else. Criminals aren't going to
use the chip unless they're really ignorant or blatantly idiotic. So
the government is really spending lots of money to making our lines more
secure from illegal phone tappers and such but not doing a thing for
them. I believe we're getting the better part of the deal! Do they
really want to listen in on phone calls to our relatives? I don't think
so. I promote the Clipper Chip! Thanks for the free gift!
T> In my opinion (and this I am sure is obvious to most everyone) the
>encryption, bugging-port, e-mail reading agenda pursued by government
>is no more than the first icy finger of the Empire, encircling the
>throat of cyberspace.
A little dramatic here? They might win the battle but they haven't won
the war. The final battle will be when we establish a global Interactive
Television system. Then it will pit the public against the US government
and the allies it has in this dispute (if any). Nobody wants a video
camera normally used for video conferencing to be watching them in their
own living room without them even knowing it. By this time, people
will know a lot more about this scheme and most likely the public will
win this battle unless the majority of the population is as ignorant as
a two year old child to the world around them.
------------------------------
Date: Wed, 30 Mar 94 13:24:38 PST
From: [email protected](Dave Fandel)
Subject: File 9--How Clipper Actually Works
In all the anti-Clipper flaming that has been occuring I haven't
seen anything about how Clipper actually works. I generated the
following based on a lecture in a secure computer systems class I
am taking.
+----------------------------------------------------
Clipper Operations:
Chip
+----------------+
| |
Message (M) -->| Algorithm (E) |--> Encrypted Message (B) = E [M]
| Chip ID (ID) | K
| Chip Key (U) |
User Key (K) -->| Family Key (F) |--> Encrypted ID and Key (A) =
| | E [ID | E [K]]
+----------------+ F U
Note: E [Q] means Encrypt Q with key R
R
+-----------------------------------------------------------
The User Key is a session key that is generated by the two ends
in the following manner:
Side A Side B
Generate a, X Generate Y a, X and Y are random #
Send a and a^X ------>
Receive a and a^X
<------ Send a^Y
Receive a^Y
Generate K=(a^Y)^X Generate K=(a^X)^Y ie key K=a^(XY)
So a, a^X, and a^Y can all be intercepted without giving away key.
+----------------------------------------------------------------
So where does the government and the Key Escrow come into it? Note the
2nd output from the clipper chip - it is the ID of the chip and an
encrypted version of the session key. The government will know the
family key and can extract the ID. Then they go to the two escrow
agencies (NIST and the Treasury Dept.) and get the two components of
the chip key U. This allows the session key to be extracted and the
message to be decrypted.
Agency 1: ID and U(A) U(A) --+
OR --> U
Agency 2: ID and U(B) U(B) --+
+------------------------------------------------------
General comments:
1. The Algorithm for the clipper chip is an NSA Type II algorithm
called Skipjack. Type II is for unclassified, but sensitive.
2. If you could reprogram the Chip Key (U) or block the transmission
of the encrypted ID and key this concept wouldn't be to bad.
3. The other point of vulnerability is at the manufacturing location
where the Chip Key is originally generated. All 3 pieces of info
(ID, U(A), and U(B)) have to be in the same place to generate the
key.
Dave Fandel
[email protected]
3/30/94
If there is anything incorrect in this document please let me know.
------------------------------
8<--------------------------- cut here ------------------------------
Cheers,
_______________________________________________________________________________
Paul Ferguson
US Sprint
Enterprise Internet Engineering tel: 703.904.2437
Herndon, Virginia USA internet: [email protected]