From: Jim Gillogly <jim@acm.org>
Date: Sat, 2 Sep 95 21:35:08 PDT
To: cypherpunks@toad.com
Subject: Crypto '95: Robert Morris
Message-ID: <199509030434.VAA24841@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain


Bob Morris (recently retired from NSA) gave a fascinating invited lecture
entitled "Non-cryptographic Ways of Losing Information".  I hope he writes
it up; until then, here are my notes from his presentation.

Two things he said which I found new and fascinating:

- During the early 1950's many major powers were discouraged by the
  tendency of then-modern crypto machines to fail in a way that would send
  plaintext instead of ciphertext, and they went to one time pads for most
  of their high-level enciphered traffic.  Because of key re-use, we were
  regularly and routinely reading pieces of that traffic -- not just
  VENONA, but many systems from various countries.  Sometimes the people
  who prepared OTP's would double their profit by selling them to more
  than one customer.

- By the middle to late 1960's cryptanalysis became less cost effective
  than obtaining the information by other means -- wiretaps and so on.

Morris emphasized and said we should write down these dicta:
-------------------------------------------------------------------------
Never underestimate the attention, risk, money and time that an opponent
will put into reading traffic.

Rule 1 of cryptanalysis: check for plaintext.
-------------------------------------------------------------------------

The real start of modern cryptology should be dated to the Enigma
machines, which typified the new character of the art.  Much has been made
of the errors of the German cipher clerks, but egregious as they were, the
errors made by the British cryptographers were vastly worse, and the
American blunders were worse yet.  German analysts regularly read and used
Atlantic convoy orders throughout the war -- they were transmitted in an
old code.

One must always assume that the enemy has a copy of the machine/algorithm.
A system that relies on keeping the algorithm secret is eventually doomed
to failure, because it will always be discovered by some means or other.

He sees microphones and antennas everywhere: the telephone line cord is
an antenna; if telephone linemen were working on a pole outside his house
he'd call the police an then find out what they were working on.  In an
unspecified country he called Lower Slobbovia (Al Capp, isn't it?) American
troops used encrypted radiophones; when they broke they were taken to local
repair shops to be fixed.  When they got home the US engineers were
interested to see the modifications that had been made.  He mentioned a
few similar instances, including the lovely carved wooden seal given to
the US Embassy in Moscow to decorate their anteroom. [It's now on view at
the National Cryptologic Museum with the transmitter cavity visible.]
Cordless phones have a range of 5 miles or so.  Use of cellular phones is
increasing dramatically, as well as fax and modems.

He discussed the Walker/Whitworth spying case, and said one of his design
criteria is to design systems with Walker in them: it's not good enough to
have a system where everyone must be trusted, but it must also be made
robust against insiders.  This may include going to non-paper systems, so
that there are no paper keys that the Walkers of the world can shop to the
other side.

Threats and risks include: overconfidence, carelessness, eavesdropping and
tapping, theft of floppies and other materials, purchase, theft of key
material, burglary and blackmail.  Much or most loss is due to insiders.

In the future there will be more radio used for ordinary communications.
Americans are unwilling to pay for secure telephones, but that's not the
case in Europe.

-------------------------------------------------------------------------
Reported by:

	Jim Gillogly
	12 Halimath S.R. 1995, 04:33