1994-06-06 - Clipper- Who’s Fooling Who

Header Data

From: jp@jep.pld.ttu.ee (Jyri Poldre)
To: CYPHERPUNKS@toad.com
Message Hash: 352efbf6c1951c62dd20c198dbd0b88706efc92f2f1a8cd370846f31376be316
Message ID: <9406061533.AA03489@jep.pld.ttu.ee>
Reply To: N/A
UTC Datetime: 1994-06-06 15:38:54 UTC
Raw Date: Mon, 6 Jun 94 08:38:54 PDT

Raw message

From: jp@jep.pld.ttu.ee (Jyri Poldre)
Date: Mon, 6 Jun 94 08:38:54 PDT
To: CYPHERPUNKS@toad.com
Subject: Clipper- Who's Fooling Who
Message-ID: <9406061533.AA03489@jep.pld.ttu.ee>
MIME-Version: 1.0
Content-Type: text/plain

It simply is not possible for them to have ACCIDENTALLY OVERLOOKED such a thing as 16 bit CRC. 

Let us assume, that 2 distinct users want to initiate clipper connection. They will have their secret keys generated inside chips and as key distribution is not a part of clipper they can happily use DH or whatever to do it, meaning that they still are the only ones to know them. To be able to intercept these keys clipper chips have ( presumably ) skipjack cipher to make LEAFS. Now cipher must take arguments data and key. But we assume, that Chips  have Family key, but not Master key ( such a thing would have been nonsense- you cannot rely on one key for all chips ), meaning that they share no global knowledge except SJ algorithm. So, for other chip to make difference between RIGHT and WRONG LEAF it has shared secret, meaning session key and LEAF. What could have been simpler than using these 2 components and SJ to generate cryptographic checksum? Nothing, execpt that this checksum is of no use to goverment- it does not know shared secrets, so it cannot use this checksum anyway. BUt that is not such a big pr

oblem - line noise and checksums can be applied externally. So why not use session key and SJ, generate a 80 BIT checksum and append it to LEAF. I do not believe that it would make SJ useless because of cancellation :-) 
The proposed scheme would look like this:
Sa, LEAFa, Sb, LEAFb  the session keys and LEAFs of a and b
1. A and B generate and exchange keys
2. A sends to B SJ(LEAFA,Sb), LEAFA
3. B verifyes it and takes into use Sa. 
,the same thing in opposite directions.

Rather EASY not to implement it.      
Now they did not do it. Instead they used only 16 bits. Weird. Unless...
OK, SJ has no backdoors, but somehow manages to send the parts of LEAF fields 
maybe 0.5 bits per one SJ coded user data block. (it is always possible to compress data that much ) That would change the things. 
We would be happy about our checksum and they would be really happy about (us) US.
A little media now and then - it's for advertisment. Just think that This 16 bits did not make SJ weaker, meaning people who would have used it for sequrity will do so anyway. The i-do-not-know class will switch over to it because of if-I-want-I-can-crack-it( or buy device or have it installed or whatever). 

I'm Looking for a partner 
Someone who gets things fixed
Think about it seriosly
do you want to get rich?

OK for Pet Shop Boys, but NSA???

JP from TTU