From: minow@apple.com (Martin Minow)
Date: Wed, 3 Jul 1996 15:06:28 +0800
To: John Pettitt <cypherpunks@toad.com
Subject: Re: SAFE Forum--some comments
Message-ID: <v02140b02adff9a30dcea@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


John Pettitt recalls an question from the audience at the SAFE conference:

>
>One questioner from the audience made an interesting point that given
>that most of american can't seta vcr clock crypto will be totally
>beyond them unless it becomes pervasive ("you can buy it at radio shack").
>

It's not quite that bad. Here are a few (more or less strong) crypto
products you might not know you have:

1. Every Macintosh made since at least 1988 has a secure authentication
   client module in the AppleShare Chooser dialog. When you use it to
   connect to a remote server, it notes that the user information
   is "two-way scrambled." (The server sends a random number challenge
   that the client uses to encrypt the username and password. The
   encrypted information is sent to the server.) All Macintosh systems
   running System 7 or later have the corresponding server software.
   What is interesting about this is that the encryption is completely
   invisible to the user.

2. At least one garage door opener company offers an opener that
   resets itself -- an intruder can't record the signal and play it
   back as the "key code" is one-time only.

However, I agree with the questioner regarding the "set VCR problem."
I suspect that the major problems in deploying strong crypto will
be in marketing and human engineering -- and that the current
regulatory environment adds to the difficulty by removing marketing
incentives to do high-quality human engineering.

Note that the VCR companies have solved the vcr problem by receiving
a timecode from a local television station -- making the problem
invisible to the end user. We should be able to do the same with
strong crypto.

Martin Minow
minow@apple.com