1993-09-04 - Denning and the cost of attack against SKIPJACK (fwd)

Header Data

From: nobody@shell.portal.com
To: cypherpunks@toad.com
Message Hash: 958ba83e8f1cdb6d828a6907bb5526e6a1ddb01b77f37e1d0fd528bff6be92ea
Message ID: <9309041300.AA27965@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1993-09-04 14:36:19 UTC
Raw Date: Sat, 4 Sep 93 07:36:19 PDT

Raw message

From: nobody@shell.portal.com
Date: Sat, 4 Sep 93 07:36:19 PDT
To: cypherpunks@toad.com
Subject: Denning and the cost of attack against SKIPJACK (fwd)
Message-ID: <9309041300.AA27965@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain

(forwarded from sci.crypt)
On page 14 of the August 30, 1993 issue of Government Computer News
Kevin Power reports that Dorothy Denning told the Computer System
Security and Privacy Advisory Board that SKIPJACK would not be
compromised by exhaustive attack methods in the next 30 to 40 years.

I am reminded of a story, perhaps apocryphal.  In the middle seventies
Fortune magazine was working a feature on computer crime.  Most of the
experts that they interviewed told them that the security on most of the
nation's commercial time sharing systems was pretty good.  However, they
admitted that one convicted felon and hacker, Jerry Schnieder, would 
tell them otherwise.  Of course Fortune had to interview him.  According
to the story, the interview went something like this:

Fortune:  Mr. Schnieder we understand that you are very critical of the
security on the nation's commercial time sharing systems.

Jerry:  Yes, that is right.  Their security is very poor.

Fortune:  Could you break into one of those systems?

Jerry: Yes, certainly.

Fortune:  Well, could you demonstrate for us?

Jerry:  Certainly, I'd be happy to.

At this point Jerry took the reporters into the room where his "Silent
700" terminal was.  He connected to the system that he normally used but
deliberately failed the logon.  When he deliberately failed again at the
retry prompt, the system disconnected.  Jerry dialed in again, failed a
third time, and this time he broke the connection.  He dialed a third 
time but this time he dialed the number of the operator.  

Jerry:  This is Mr. Schnieder.  I seem to have forgotten my password.
Can you help me?

Operator:  Sorry Mr. Schnieder, there is nothing that I can do.  You
will have to call back during normal business hours and talk to the
security people.  

Jerry:  I am sorry too, but you do not seem to understand.  I am working
on something very important and it is due out at 8am.  I have to get on
right now.  

Operator:  I am sorry.  There is nothing that I can do.

Jerry:  You still do not understand.  Let me see if can clarify it for
you.  I want you to go look at your billing records.  You will see that
you bill me about $800- a month.  This thing that I am working on; it is
why you get your $800-.  Now, if you do not get off your a-- and get me
my password so that I have this work out at 8am, by 9am there is going to 
be a process server standing on your front steps waiting to hang paper
on the first officer through the door.  Do I make myself clear?

Apparently he did.

Operator:  Mr. Schnieder, I will call you right back.

At this point he appears to have one or two things right.  He changed
the password, called Jerry back at the number where his records said
that he should be, and gave him the new password.  Jerry dumped two
files and then turned to the reporters.  With a triumphant smile he said
"You see!" 

Fortune (obviously disappointed):  No, No, Mr. Schneider!  That is not
what we wanted to see.  What we wanted to see was a sophisticated
penetration of the software controls.

Jerry:  Why would anybody do THAT?


The cost of an exhaustive attack is an interesting number.  It gives us
an upper bound for the cost of efficient attacks.  However, it is never,
itself, an efficient attack.  It is almost always orders of magnitude
higher than the cost of alternative attacks.  The very fact that its
cost can be easily calculated ensures that no one will ever encrypt data
under it whose value approaches the cost of a brute force attack.

History is very clear.  "Black Bag" attacks are to be preferred; they
are almost always cheaper than the alternatives.  After those are
attacks aimed against poor key management.  These attacks will be very
efficient when the keepers of  the keys already work for you 
and where their continued cooperation and silence are assured.

William Hugh Murray, Executive Consultant, Information System Security
49 Locust Avenue, Suite 104; New Canaan, Connecticut 06840