[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LEAF forgery



-----BEGIN PGP SIGNED MESSAGE-----

I wrote about a possible trapdoor in Skipjack to which Perry replied:

>Your belief is without evidence. It is a supposition. I'd say the NSA 
>has a lot to lose by putting holes in Skipjack.

How true, yet the NSA also had a lot to lose by putting out a flawed 
backdoor in Skipjack which essentially negates much of this features (LEAF)
value. They did so none the less. In addition, I remember the comments 
of Stuart Baker; the audacity was typical of an organization which would
put in just such a hole and smugly disbelieve that anyone would find out.
In addition, it is possible that the agency is not alarmed about their LEAF
problems because they don't need to use it. Of course, even if the whole
algorithm was compromised I don't think they would show alarm outwardly. The 
possibilty is still there.

Since one does not know the Skipjack design, a belief that it does not 
contain a trapdoor is without evidence and also a supposition. My contention
is that the NSA is cocky enough to disregard the consequences of putting
holes in Skipjack. 

>None the less, I wouldn't use Skipjack, because I don't trust things I
>don't know the design of.

Me neither, and randomly generating new LEAF fields would not give me 
comfort as to the security of my transmissions. Which is the main point
here in my mind.

Scott G. Morham            !The First,
[email protected]!          Second  
PGP Public Keys by Request !                and Third Levels 
                           !      of Information Storage and Retrieval
                           !DNA,
                           !    Biological Neural Nets,
                           !                           Cyberspace


-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLe92xz2paOMjHHAhAQHaUwP/T+Di/N7ej8pfW7jKJJHmV8CTfJaYkYgt
ejB2M+QTs23i+6AdT6yiSfs+cGXz19F/eHiNtvemJyYujnyXP8EjxeqkhCIjtu+/
ZkF9dBWSC6V1Xj7MycPZbG8lgv7EY57nnVDU7smv42xbRx9Co9qYF9zRdhe0WRZc
Hdzm4YP+8Bw=
=T1Tz
-----END PGP SIGNATURE-----