From: greg@ideath.goldenbear.com (Greg Broiles)
Date: Sat, 17 Apr 93 01:30:08 PDT
To: cypherpunks@toad.com
Subject: Re: Clinton Administration crypto proposal/policy
Message-ID: <Jm752B1w164w@ideath.goldenbear.com>
MIME-Version: 1.0
Content-Type: text/plain



The Clinton Administration's recent proposal, and responses to same from
the net community, have left several questions in my mind:

o       Are these devices intended to be used as isolated pairs - such that
two phones/modems/whatever will only speak with each other .. or will any
such device speak with any other such device? If any device can communicate
with any other device, how is the key(s) for en/decryption for any
particular session determined? .. and what prevents an eavesdropper who is
present from the beginning of the session from using that data to decrypt
the conversation?

o       According to the EFF response to the proposal, there aren't really
two keys, but two 40-bit halves of one 80-bit key. Doesn't this imply that
were a "bad guy" able to get just one of those halves, the computing power
required to do a brute-force attack is considerably lessened? (I'm asking
a question here, not making a statement. I read about this because I think
it's interesting but it's not really my field.)

o       Presumably, these devices will insert into the data stream some
sort of "sender ID" which will allow eavesdroppers to know which key(s)
they need a warrant for - doesn't this seem to make it pretty easy to
keep track of data along the lines of "Station 12345 sent 500 packets to
station 31415, who sent 7734 packets in return" .. which would seem to
present privacy questions separate from (but dwarfed by :) the
security of the encryption itself?

Also, cypherpunks readers may find these two snippets from two articles
re the proposal interesting (and chilling):

---
_NY Times_, 4/16/93, p. A1 (National edition)
"The Clinton Administration plans a new system of encoding electronic
communications that is intended to preserve the Government's ability
                                                             ^^^^^^^
to eavesdrop for law enforcement and national security reasons .."
---
Eugene, Oregon's _Register-Guard_, 4/16/93, p. 3A
"The Clinton Administration is about to announce a plan to preserve
privacy in electronic communications, including telephone calls and
electronic mail, while also insuring [sic] the government's right
                                                            ^^^^^
to eavesdrop for law enforcement and national security reasons."
---

Emphasis, of course, added by me. The Register-Guard article is taken
from the NY Times' article (presumably from a wire service) and
consists of paragraphs 2,3,4,5,6,8, and 9 of the NY Times article, with
changes to the first paragraph noted above.

Grr.

--
Greg Broiles                            greg@goldenbear.com
Golden Bear Consulting                  +1 503 465 0325
Box 12005 Eugene OR 97440               BBS: +1 503 687 7764