From: smb@research.att.com
Date: Mon, 14 Mar 94 12:55:20 PST
To: "Alan (Miburi-san) Wexelblat" <wex@media.mit.edu>
Subject: Re: Clipper Cracks Appear
Message-ID: <9403142055.AA29962@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	 According to notes published on this list, the NSA has already
	 admitted that the LEAF is not itself encrypted with Clipper;
	 we don't know what it is encrypted with, but I wonder:

If you're referring to the meeting at AT&T Bell Laboratories, that is
*not* what we were told.  Rather, we were told that a unique mode of
operation was used.  The motivation for using a unique mode for the
LEAF itself isn't completely clear; it may be related to the lack
of space to send a random IV.  The traffic key has to be encrypted
a bit oddly, though; 80 bits doesn't mesh well with standard modes
of operation of a 64-bit cipher if you want to minimize the number
of encryption operations.

Obviously, games can be played with the modes of oepration to weaken
the cryptosystem.  But that's the sort of thing that would stick out
like a sore thumb to the review panel -- much more so than any flaws
in Skipjack itself.  But the question is worth asking of the review
panel members.  I'll pass it on to Steve Kent.

		--Steve Bellovin