From tburghardt@igc.apc.org Tue Jun 7 05:02:01 1994 Received: from mail.igc.apc.org by fido.wps.com (8.6.5/wps.com-hackery) id WAA01934; Mon, 6 Jun 1994 22:02:00 -0700 Received: from igc.apc.org by mail.igc.apc.org with SMTP (8.6.9/Revision: 1.26 ) id VAA17368; Mon, 6 Jun 1994 21:58:32 -0700 Received: by igc.apc.org (8.6.9/Revision: 1.160 ) id VAA25037; Mon, 6 Jun 1994 21:58:26 -0700 Date: Mon, 6 Jun 1994 21:58:26 -0700 From: Tom Burghardt Message-Id: <199406070458.VAA25037@igc.apc.org> To: deke@fido.wps.com, jim.bill@syntex.com, kay9bee@aol.com, resist@igc.apc.org, sashar@igc.apc.org, sciww@fido.wps.com, shadow@netcom.com, steiner@netcom.com, vad@fido.wps.com, virginia@ella.mills.edu, wjones@igc.apc.org Subject: Crypto/Anarchy Cc: dtv@well.com, markalf@igc.apc.org X-Status: Status: OR crypto ** Topic: Clipper Defeated? A Black Eye for N ** ** Written 10:46 am Jun 3, 1994 by tcmay@netcom.com in cdp:misc.activism. ** Maybe my newsfeed is just slow today, but I see no discussion in these newsgroups of the report in today's "New York Times" (6-2-94) that Matt Blaze of AT&T has found a way to defeat the intent of Clipper/Capstone/Tessera/etc. by effectively spoofing the LEAF field and thus making communications unreadable. (This is _not_ just preencryption, as I understand it.) If so, this seems to imply several things: 1. The "independent review" was apparently not very thorough. (Of course, the team only met a few times, or less, and Professor Denning has said that she was unable to break Clipper with the time she had on a Cray, suggesting a brute-force approach rather than the kind of attack Matt Blaze tried. In their defense, but of no help to the proponents of Clipper, cryptanalytic attacks _often_ take years to reach fruition, which is one reason not to trust algorithms which have not withstood years of attack, especially _secret_ algorithms.) 2. This seems to imply NSA is waning in cryptographic competence, unless the flaw is either not a real one (time will tell). If NSA assumed that keeping parts of the system secret would stop attacks such as Blaze has apparently discovered, then they made a very serious mistake. 3. Blaze says in the article that the flaws can probably be fixed (for his exact words, see the article....I've mostly seen discussion in the Cyperpunks group and haven't yet had a chance to see the original article...mea culpa). But this fix will mean redesigns, affecting vendors. Of course, commercial acceptance of Clipper has been invisible, as near as I can tell, so this will not affect "volume" shipments. 4. The talk about a patent fight by S. Micali over "key escrow" is another factor. This all will likely further undermine confidence and help to "Sink Clipper!" as the great tee shirts from RSA Data Security Inc. say. I'm not crying. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." ** End of text from cdp:misc.activism. ** -- Transfer complete, hit or to continue --