[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Faster way to deescrow Clipper



Could someone please enlighten me on this: It seems from the descriptions
of the hack to fake a LEAF that 1) When two Clipper chips are going to
communicate, one of them generates the session key and sends a LEAF to the
other chip, 2) The second chip recognizes the LEAF as being valid based on
the validity of the checksum, but does not determine the session key from
the LEAF.

If that's the case, then 1) How does the second chip find out what the
session key is? 2) Doesn't the second chip also have to generate and send a
LEAF, if for no other reason than to identify itself to the wiretappers,
and if so won't that give away the session key if that chip's device is not
also hacked? 3) If all that is needed for this hack is a LEAF with a proper
checksum, why go through the brute force method of generating random LEAFs?
Why not just buy (or steal or whatever) another Clippered device that you
never use for real communication so the wiretappers have no record of who
has that serial number, and get LEAFs from it? For that matter, why can't
you obtain one LEAF from listening to anybody's Clippered transmission and
use it over and over again?

It can't be *that* simple, can it?

 -- sidney <[email protected]>