1994-04-19 - Clipper == chosen plaintext attack on cypherpunks?

Header Data

From: Anonymous <mg5n+eae5nx0i73d8g76rma9ilx7ngs1mk7ddo1tw570wp3w@andrew.cmu.edu>
To: mg5n+anz3ajg8o1yxicqzt6v6qgpg3tkhddpqw3jl@andrew.cmu.edu
Message Hash: 9de60533309bcd04e6a05b61c29a24b65e142f91e7d530316d498ebc671d8036
Message ID: <Added.khgrqYO00UddME2U4j@andrew.cmu.edu>
Reply To: N/A
UTC Datetime: 1994-04-19 06:44:02 UTC
Raw Date: Mon, 18 Apr 94 23:44:02 PDT

Raw message

From: Anonymous <mg5n+eae5nx0i73d8g76rma9ilx7ngs1mk7ddo1tw570wp3w@andrew.cmu.edu>
Date: Mon, 18 Apr 94 23:44:02 PDT
To: mg5n+anz3ajg8o1yxicqzt6v6qgpg3tkhddpqw3jl@andrew.cmu.edu
Subject: Clipper == _chosen_ plaintext attack on cypherpunks?
Message-ID: <Added.khgrqYO00UddME2U4j@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


In <94Mar30.211225edt.12125@cannon.ecf.toronto.edu>, SINCLAIR DOUGLAS N 
<sinclai@ecf.toronto.edu> wrote, in reply to Bill Stewart:

> > The proposed standards I've seen on the net say you can't encrypt
> > *after* using Clipper, because that makes Clipper key-theft useless.
> > On the other hand, encryption with real systems before encrypting with
> > Clipper is undetectable until after they decrypt the Clipper, so it's
> > hard to enforce except on people who are already suspects,
> > and is unlikely to be convenient to implement (for interoperability)
> > on some of the major Clipper targets, like cellphones and fax machines.
> 
> Makes sense, doesn't it?  When the whitehouse guy said that encryption
> below clipper was legal but not above, we thought he was confused.  However,
> we ACKed it with an NSA employee, and he confirmed it.  His reasoning went
> like this:  encryption below clipper can't be stopped, since one can just
> splice a cryptdec into the phone line.  Encryption on top of clipper is
> impossible since the clipper phone will only accept audio input.  No
> word on how that would effect clipper modems.

This explanation struck me as phony.  No NSA employee would be so naive as
to actually believe that "Encryption on top of clipper is impossible 
since the clipper phone will only accept audio input" and clearly the NSA
had thought about how easy it would be to "splice a cryptdec".

Then it struck me what Clipper/LEAF really does, it provides plaintext
for a _chosen_ plaintext attack on other cryptosystems.  

Most of us tend to ignore chosen-plaintext attacks as being too impractical.
How would we ever be able to get the adversary to send lots of plaintext
of our (not his) chosing, we wonder.

Now suppose that No Such Agency is really years ahead of the rest of the
world in exploiting chosen plaintext to break all kinds of stuff, including
(say) DES.  They've unleashed DES upon the world, and now they're sort of
regretting it.  If only they could get us crypto-weenies ^H^H^H^H^H^H^H^H^H
cypherpunks to send a few thousand choice pieces of chosen plaintext.
Hmmmm.  How could they do that?   

Final question:  Am I the last person on this list to have thought of this,
(namely, clipper as a chosen plaintext attack on other cryptosystems)?







Thread