1994-06-03 - Re: Black Eye for NSA, NIST, and Denning

Header Data

From: Adam Shostack <adam@bwh.harvard.edu>
To: na5877@anon.penet.fi
Message Hash: 9bddf704de2572a488b4d8d523e88109d826ec0bc04c4d653ae74556511452a6
Message ID: <199406032228.SAA19533@bwnmr7.bwh.harvard.edu>
Reply To: <9406032148.AA09753@anon.penet.fi>
UTC Datetime: 1994-06-03 22:28:57 UTC
Raw Date: Fri, 3 Jun 94 15:28:57 PDT

Raw message

From: Adam Shostack <adam@bwh.harvard.edu>
Date: Fri, 3 Jun 94 15:28:57 PDT
To: na5877@anon.penet.fi
Subject: Re: Black Eye for NSA, NIST, and Denning
In-Reply-To: <9406032148.AA09753@anon.penet.fi>
Message-ID: <199406032228.SAA19533@bwnmr7.bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain

deadbeat wrote:

| On the one hand, I applaud Dr. Blaze for the discoveries based on his
| black-box analysis of the NSA product.  How fortunate to have him
| working in a laboratory seeded with this gear.
| On the other hand, I am amused at the "big deal" being made about such
| a minor result.  This "protocol failure" exposes the NSA product to no
| new threats.  If one's objective is to use SKIPJACK but to defeat key
| escrow, pre-encryption is easier, conceptually simpler, and may be more
| secure, depending on what is actually inside the SKIPJACK code.

	Actually, Blaze's work does nullify one important aspect of
Clipper that pre-encryption does not address, and that is traffic


Adam Shostack 				       adam@bwh.harvard.edu

Politics.  From the greek "poly," meaning many, and ticks, a small,
annoying bloodsucker.