1993-07-28 - tidbit on Clipper review, San Hose Mercury News

Header Data

From: “L. Detweiler” <ld231782@longs.lance.colostate.edu>
To: cypherpunks@toad.com
Message Hash: f594c47e99784265a7cddf322be5132261554b18a581fc417c0efefaaec59fa4
Message ID: <9307280509.AA26676@longs.lance.colostate.edu>
Reply To: N/A
UTC Datetime: 1993-07-28 05:11:30 UTC
Raw Date: Tue, 27 Jul 93 22:11:30 PDT

Raw message

From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
Date: Tue, 27 Jul 93 22:11:30 PDT
To: cypherpunks@toad.com
Subject: tidbit on Clipper review, San Hose Mercury News
Message-ID: <9307280509.AA26676@longs.lance.colostate.edu>
MIME-Version: 1.0
Content-Type: text/plain


Don't believe this was posted here. Mostly a rehash, but included for
completeness of the soda.berkeley.edu archive, and does note that the
analyst review deadline is `the end of the month' (July). So, depending
on how long the bureacrats sit on the results, we should hear something
soon. Sorry about the poor format quality.

(I wonder who the 6 were who defined? Surely a Who's Who in
Cryptography, e.g. W. Diffie etc. I wonder if they'd have the nerve to ask Kahn?)

------- Forwarded Message

Date: Mon, 26 Jul 1993 21:01:33 -0500
From: farber@central.cis.upenn.edu (David Farber)
Subject: Critics Belittle Data Security Probe A bit late but  ... from sci.crypt


San Lose Mercury News - July 16, 1993

Critics Belittle Data Security Probe
By Lee Gomes

A federal effort to answer complaints about a controversial government data
security plan
apparently has fallen short of its goal, with critics saying the effort
isn't dealing with all of
their concerns.

On Thursday, the National Institute of Standards and Technology, or NIST,
an agency of
the Comerce Department, named five outside computer researchers to evaluate
software
being used in the "Clipper" program, a proposed federal standard to encode
computer
messages in order to keep them secret.

Clipper, which uses both software and a special chip, has been criticized
by some 
cryptography experts for being an inferior technology, and for potentially
having a hidden
"trap door" that might allow law enforcement agencies to surreptitiously
peek at computer
messages.

While the program would directly apply to only federal agencies, many
predict the standard
would also come to dominate the commercial market.

In an effort to convince people no such trap door exists, the five experts
working with NIST
will evaluate the classified software used in Clipper and then report
publicly on their findings.

But Jim Bidzos, of RSA Data Security in Redwood City, a company that sells
a private
encryption plan and which is one of the government's main critics in the
controversy, said the
work of the five outsiders will be of limited value, since they will only
be looking at a protion
of Clipper software.

"There are a million other places where you can do some funny business to
grab messages,"
he said, including by copying or tampering with Cliper hardware.

NIST has always maintained there is no trap door and that including one
would be superfluous
because law enforcement agencies would be able to get the "keys" to Clipper
with a court
order.

NIST spokeswoman Janice E. Kosko said the agency had invited 11 experts to
examine the
actual encryption software, called Skipjack, provided they would agree to
obtain a security
clearance and to speak publicly about their findings without revealing the
detailed workings
of the software. Six declined.

The five who accepted are Ernest Brickell of Sandia National Laboritories,
Dorothy Denning of
the computer science department of Georgetown University, Stephen T. Kent of BBN
Communications Corp., David P. Maher of AT&T, and Walter Tuchman of Amperif
Corp.

The five outsiders have been asked to submit individual findings by the end
of the month.
Because Clipper software is secret, the work of the five will take place at
a classified
government laboratory in Bowie, MD.

- ---




------- End of Forwarded Message






Thread