From: Mike Ingle <MIKEINGLE@delphi.com>
Date: Wed, 29 Sep 93 20:46:33 PDT
To: cypherpunks@toad.com
Subject: Active Eavesdropping of Clipper Phones
Message-ID: <01H3JEQNSDGS90NQOF@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


From what I've read, the basic Clipper chip provides no key management, and
AT&T is going to use DH. If there is no key certification involved, wouldn't
this be vulnerable to active eavesdropping?

In other words, cut the victim's phone line somewhere between his house and
the central office. Connect up your tap. It just passes voice through, but
when he goes secure, it breaks in and hijacks the key exchange. Instead of
the two phones exchanging keys with each other, both exchange keys with your
tap. Now you have two keys. Load each into a Clipper chip. Send the received
data to one chip to decrypt, then to the other to encrypt with the other
key, and send it on its way. Neither party would know he's being had - it is
much like feeding someone a phony PGP key.

The tap could use stock Clipper chips, with no need to reverse engineer,
since they will be used for their intended purpose - to communicate with
another Clipper at the far end. You could probably reduce it to a notebook
computer and the guts of two AT&T ClipperPhones.

There must be something to prevent this - isn't there?

--- MikeIngle@delphi.com

"Hey hey, NSA, how many phones did you tap today?"