From: Duncan Frissell <frissell@panix.com>
Date: Thu, 2 Jun 94 06:09:52 PDT
To: Peter Wayner <pcw@access.digex.net>
Subject: Re: News Flash: Clipper Bug?
In-Reply-To: <199406021254.AA26863@access2.digex.net>
Message-ID: <Pine.3.87.9406020953.A9487-0100000@panix.com>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 2 Jun 1994, Peter Wayner wrote:

> 
> 
> Please explain how to forge the LEAFs. I presume that this doesn't 
> involve super-encryption.
> 

Here is what the article on the upper right hand side of this morning's 
New York Times says:

"To defeat the system, Dr. Blaze programmed a 'rouge' unit to test 
thousands of LEAF's.  Once he found a valid key, he inserted it in place 
of the one that would be generated by the Clipper device.  Later, if law 
enforcement officials attempted to use it for decoding, it would not 
unlock this particular message."

He was able to find LEAF's that passed checksum in spite of having an 
invalid session-key number.

If generating these things takes a lot of computing power, maybe we could 
come up with a distributed processing project like RSA 129 was cracked by.

DCF