1994-03-28 - Re: Ames/clipper compromised?

Header Data

From: smb@research.att.com
To: Brian D Williams <talon57@well.sf.ca.us>
Message Hash: 390a61700b983bb74a0134a4f87ab26fd60868e2f7aa4e50c7f8beda89c1ce8a
Message ID: <9403281448.AA14338@toad.com>
Reply To: N/A
UTC Datetime: 1994-03-28 14:48:18 UTC
Raw Date: Mon, 28 Mar 94 06:48:18 PST

Raw message

From: smb@research.att.com
Date: Mon, 28 Mar 94 06:48:18 PST
To: Brian D Williams <talon57@well.sf.ca.us>
Subject: Re: Ames/clipper compromised?
Message-ID: <9403281448.AA14338@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks much for posting.  I have a lot of trouble with much of the
article, though, on purely technical grounds.  Consider the following
passage:

	 The  words I also heard were, "If there's only even a  1%  chance 
	 that  Clipper has been compromised, the whole thing's  over.   We 
	 have to start from scratch."

What does it mean to ``compromise'' Clipper?  The algorithm is known?
No big deal, in my opinion -- Skipjack was almost certainly designed to
be strong even if the algorithm was known.  (As I've said before, I tend
to believe NSA on that point.  I suspect they're telling us the truth
about Clipper -- just not the whole truth -- and what they've said is
damning enough even if 100% accurate.)  It's also quite unlikely that
Ames would ever have seen the algorithm; it's just not something he'd
have any reason to know.

Might he have stolen the family key?  More plausible, though again it's
not something that would be left lying around, as opposed to being
embedded in equipment.  Could he have turned over a magic decoder box,
which would have to know that key?  Not at all unreasonable -- and the
decoder boxes are at a sufficiently early stage of design that they
may not yet be armored against tampering.  But from everything that's
been published, very few Clipper chips have been deployed so far.  It
would not be a major project to recall and rekey the devices.

Copies of the key escrow databases?  Same argument applies -- though if
that's what was stolen, we have to ask how he had access to ``both'' of
them.  I don't believe there have ever been any categorical statements
about how FISA access to Clipper conversations would be obtained.  See
above under ``whole truth''...

It may be, of course, that the episode has made the powers that be wonder
about the wisdom of keeping any such keys around.  There's been a very 
strong trend in recent years to avoid *any* sort of cryptography where
session keys live anywhere but inside sealed boxes, precisely to avoid
key theft.  (See Diffie's retrospective on public key technology for
more detailed discussion and some examples.)  And it's also why the
government doesn't want to use Clipper -- as opposed to Skipjack -- for
classified information.  

So -- if the story is true, just what did Ames steal that would require
them to ``start over from scratch''?  Is there another back door?  That's
the only thing I can think of that would require such an action -- which
means that if they do hold off, there's a new topic to explore via FOIA
requests and the like.

		--Steve Bellovin





Thread