cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1993-04-19 - Re: Fighting the Wiretap Chip Plan

Header Data

From: hkhenson@cup.portal.com
To: cypherpunks@toad.com
Message Hash: dd539bbf6d5922699f0c528eea3e8cc7ae72307f968f796669f930e2e6d44504
Message ID: <9304190012.2.12250@cup.portal.com>
Reply To: N/A
UTC Datetime: 1993-04-19 07:21:09 UTC
Raw Date: Mon, 19 Apr 93 00:21:09 PDT

Raw message

From: hkhenson@cup.portal.com
Date: Mon, 19 Apr 93 00:21:09 PDT
To: cypherpunks@toad.com
Subject: Re: Fighting the Wiretap Chip Plan
Message-ID: <9304190012.2.12250@cup.portal.com>
MIME-Version: 1.0
Content-Type: text/plain



When this "Clipper chip" story broke, I was off on an extropian (if 
not cypherpunk) activity--helping freeze Alcor's 27 patient (another 
HIV+ case.)  

I doubt I am the strongest hardware person on these groups, but nobody 
else has commented on this aspect.  You just *can't* make chips 
entirely resistant to reverse engineering.  I know, I have spent close 
to 10% of my engineering career reverse engineering things.  Given 
time and a few samples, *any* chip can be reverse engineered.  This is 
especially true with tools such as SEM stimulator/state readers and 
Focused Ion Beam chip slicers and dicers widely available.  *Somebody* 
will dig out every gate in their spare time.  Thus the following 
statement looks very odd: 

>Q:   How strong is the security in the device?  How can I be sure
>     how strong the security is?
>
>A:   This system is more secure than many other voice encryption
>     systems readily available today.  While the algorithm will
>     remain classified to protect the security of the key escrow
>     system,

Say what?  Does this mean that if somebody slices up a chip and 
publishes the algorithm the "security of the key escrow system" is 
broken?  Can a representative of the government say why, or if, this 
is the case?  If it is not the case, why not publish the algorithm and 
be done with it?  Because, soon as the chip can be bought over the 
counter or stolen, the algorithm will be deduced.

>             we are willing to invite an independent panel of
>     cryptography experts to evaluate the algorithm to assure all
>     potential users that there are no unrecognized
>     vulnerabilities.

Well, unless the "independent panel" includes people who can follow 
the algorithm all the way through to silicon, I would not trust their 
report even if I trusted the experts, and that goes double for the 
next set of masks. 

Keith Henson

Thread