1994-02-18 - Re: CERT/Whitehouse/Clipper link - smoking gun…

Header Data

From: smb@research.att.com
To: cypherpunks@toad.com
Message Hash: 998b356682e0bd1498a8b0c8ceb7ab6ce1297dacb7d0ff341173509f170f2bb8
Message ID: <9402181851.AA24808@toad.com>
Reply To: N/A
UTC Datetime: 1994-02-18 18:55:38 UTC
Raw Date: Fri, 18 Feb 94 10:55:38 PST

Raw message

From: smb@research.att.com
Date: Fri, 18 Feb 94 10:55:38 PST
To: cypherpunks@toad.com
Subject: Re: CERT/Whitehouse/Clipper link - smoking gun...
Message-ID: <9402181851.AA24808@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	 By God, I knew there was something fishy about that latest CERT
	 release (the one that referred to things that happened last
	 November and didn't actually say anything new, but somehow
	 managed to hit the *WORLD* press extensively within 24 hours)...

It's stuff that's been happening *since* last November.  I'm quite
certain that the attacks were continuing until (at the very least)
shortly before the announcement.

	 PS The statement is also false: digital signatures would have no effect
	 on network sniffing attacks; but it's just more FUD to strengthen the
	 Whitehouse hand in a release that was buried in a flood of releases
	 that day on Clipper.

No, you're wrong.  A challenge/response login architecture based on
digital signatures would have eliminated the attack.  And digital
signatures -- unlike most other technologies for one-time passwords --
do not require that any secret information be kept on the host.
There are practical difficulties, such as entering in 160 bits of
information, but for host-to-host logins, that isn't much of a problem.
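
The login scheme described in the reply above, as an added example that is not part of the original message: the host issues a random challenge, the client signs it, and the host verifies with a stored public key, so a response captured off the wire fails at the next login. The message names no algorithm; Ed25519, the 20-byte nonce, the `login:` prefix, the user `alice` and the `Host`, `Respond` and `Demo` names are assumptions made here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Host stores only public keys and outstanding nonces: nothing secret.
type Host struct {
	pub     map[string]ed25519.PublicKey
	pending map[string][]byte
}

// Challenge issues a fresh 160-bit random nonce for one login attempt.
func (h *Host) Challenge(user string) []byte {
	h.pending[user] = make([]byte, 20)
	if _, err := rand.Read(h.pending[user]); err != nil {
		panic(err)
	}
	return h.pending[user]
}

// Verify consumes the outstanding nonce and checks the signature over it.
func (h *Host) Verify(user string, sig []byte) bool {
	nonce, issued := h.pending[user]
	delete(h.pending, user) // single use, pass or fail
	key, known := h.pub[user]
	return issued && known && ed25519.Verify(key, message(user, nonce), sig)
}

// message binds the signature to this protocol, user and nonce.
func message(user string, nonce []byte) []byte { return append([]byte("login:"+user+":"), nonce...) }

// Respond is the client side: sign the challenge with the private key.
func Respond(priv ed25519.PrivateKey, user string, nonce []byte) []byte {
	return ed25519.Sign(priv, message(user, nonce))
}

// Demo: one honest login, then the sniffed signature replayed at a new login.
func Demo() (fresh, replayed bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed test key
	h := &Host{map[string]ed25519.PublicKey{"alice": pub}, map[string][]byte{}}
	sig := Respond(priv, "alice", h.Challenge("alice")) // all a sniffer sees
	fresh = h.Verify("alice", sig)
	h.Challenge("alice") // the next login gets a different nonce
	return fresh, h.Verify("alice", sig)
}

func main() { fmt.Println(Demo()) }
```

Reading the `Host` struct's contents gives an intruder only public keys and spent or pending nonces, none of which lets them produce a valid response.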




