From: smb@research.att.com
To: “Alan (Miburi-san) Wexelblat” <wex@media.mit.edu>
Message Hash: 2bde9f0f9102ee0accf853cf74b8edb61d5c528695cffa696ed5117edbda1f9e
Message ID: <9403142055.AA29962@toad.com>
Reply To: N/A
UTC Datetime: 1994-03-14 20:55:20 UTC
Raw Date: Mon, 14 Mar 94 12:55:20 PST
From: smb@research.att.com
Date: Mon, 14 Mar 94 12:55:20 PST
To: "Alan (Miburi-san) Wexelblat" <wex@media.mit.edu>
Subject: Re: Clipper Cracks Appear
Message-ID: <9403142055.AA29962@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
According to notes published on this list, the NSA has already
admitted that the LEAF is not itself encrypted with Clipper;
we don't know what it is encrypted with, but I wonder:
If you're referring to the meeting at AT&T Bell Laboratories, that is
*not* what we were told. Rather, we were told that a unique mode of
operation was used. The motivation for using a unique mode for the
LEAF itself isn't completely clear; it may be related to the lack
of space to send a random IV. The traffic key has to be encrypted
a bit oddly, though; 80 bits doesn't mesh well with standard modes
of operation of a 64-bit cipher if you want to minimize the number
of encryption operations.
Obviously, games can be played with the modes of oepration to weaken
the cryptosystem. But that's the sort of thing that would stick out
like a sore thumb to the review panel -- much more so than any flaws
in Skipjack itself. But the question is worth asking of the review
panel members. I'll pass it on to Steve Kent.
--Steve Bellovin
Return to March 1994
Return to “smb@research.att.com”
1994-03-14 (Mon, 14 Mar 94 12:55:20 PST) - Re: Clipper Cracks Appear - smb@research.att.com