[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Matt Blaze's Clipper attack -- details

To: [email protected]
Subject: Re: Matt Blaze's Clipper attack -- details
From: "Perry E. Metzger" <[email protected]>
Date: Thu, 02 Jun 1994 15:24:11 -0400
Cc: [email protected]
In-Reply-To: Your message of "Thu, 02 Jun 1994 14:55:22 EDT." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]


[email protected] says:
> The LEAF contains a 32 bit unit id, an 80-bit session key encrypted
> with the per-device secret key, and a 16 bit checksum.  The whole thing
> is encrypted with the family key.  The checksum field is based on both
> the session key and the IV.

I'll point out that Matt concluded this based on empirical analysis of
LEAFs and IVs, no available documentation describes the nature of the
checksum. (More kudo's to Matt).

BTW, LEAF/IV pairs are manipulated by Tessera as a single operation. I
suppose this is, in retrospect, a big hint.

The observation that non-synchronized IVs pose little or no problem
was also another "damn; that should have been obvious" that Matt
picked up on and no one else got. I suppose the fact that the NSA
folks mixed the IV into the checksum meant that they thought
non-synchronized IVs would be more significant than they are.

Perry

PS Matt, you now have 14 more minutes of fame remaining. :-)

References:
- Matt Blaze's Clipper attack -- details
  - From: [email protected]

Prev by Date: Re: PGP 2.6 FAQ
Next by Date: Re: Black Eye for NSA, NIST, and Denning
Prev by thread: Matt Blaze's Clipper attack -- details
Next by thread: Re: Black Eye for NSA, NIST, and Denning
Index(es):
- Date
- Thread