From: wcs@anchor.ho.att.com (Bill_Stewart_HOY002_1305)
Date: Thu, 30 Sep 93 09:21:54 PDT
To: cypherpunks@toad.com
Subject: Re: Active Eavesdropping of Clipper Phones
Message-ID: <9309301536.AA21844@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text


There are a variety of ways around  Diffie-Hellman spoofing.
The current STU-III phones from AT&T, Motorola, etc., use several
approaches - there's the Crypto Igniter Key dongles that you need
to authorize your phone, which provides one form of out-of-band
authentication (partly authentication of the DH keys, but more important
is authentication that the person at the other end is probably cleared
for the level of classification you're running the call at);
there's also an LCD display on the phone that shows the other person's
DH half-key, so you can do voice verification if you want.
They may do other stuff as well.

Scott Collins mentioned the "digital signature on RSA keys",
which the Capstone phones probably do even though Clipperphones 
probably won't.  There are also tricks about sending half the key
at a time, though they're apparently still hackable.

	Bill