1994-06-05 - Re: Black Eye for NSA, NIST, and Denning

Header Data

From: kentborg@world.std.com (Kent Borg)
To: thad@pdi.com
Message Hash: c20c651516343a0ad5b6a1b2a6ad86ae14ef71353225f8c83ff6f3a1c3266290
Message ID: <199406050637.AA29985@world.std.com>
Reply To: N/A
UTC Datetime: 1994-06-05 06:37:29 UTC
Raw Date: Sat, 4 Jun 94 23:37:29 PDT

Raw message

From: kentborg@world.std.com (Kent Borg)
Date: Sat, 4 Jun 94 23:37:29 PDT
To: thad@pdi.com
Subject: Re: Black Eye for NSA, NIST, and Denning
Message-ID: <199406050637.AA29985@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain


thad@pdi.com (Thaddeus Beier)
>DEADBEAT sez
>>> and importance of Blaze's result for what it is: minuscule.
[with which thad disagrees:]
>Blaze's result destroys the current justification...

Both exaggerate, me thinks.

1) Dr. Blaze blasts out of the water any justification for faith in
the competence/honesty of the NSA in this matter.  This is a real
basic, easy to explain to the corner barber, case of the NSA being
caught with its pants down.  It was a serious technical flub for them
to leave something "this easy"* in the PCMCIA version of Clipper.

* "this easy" is compared to the billions-and-billions of years good
  crypto systems are supposed to hold up, it is not a dig on Dr. Blaze
  who knows one hell of a lot more about this than do I.

2) We might be net-geeks, but Normal People--even crooks--still use
the phone.  It is not at all clear to me that the Blaze LEAF Spoof
(BLS?) is something which will easily retrofit to a Clipper *phone*.
First, is it theoretically possible to do his spoof in the key
exchange of a telephone call?  Second, is it possible to do it quickly
enough that the other phone doesn't get suspicious--i.e., time out?
Third, is the needed spoofing hardware something tiny which I will be
able to find a Circuit City for $30, which I can trivially plug into
my phone as I walk out the door?  If not, the practical result is that
nearly no one will foil the phone tapping.


-kb, the mild-mannered Kent who just realized that: "Now I *am* in the
NSA's files.  Even the NSA on a stupid isn't dumb enough to not
archive this list."


P.S.  Seeing as how the NSA already has cypherpunks archived, maybe we
could talk them into letting us have access to their files--not
everything, just the stuff we wrote.  FoIA request maybe?

--
Kent Borg                                                  +1 (617) 776-6899
kentborg@world.std.com                                
kentborg@aol.com                                      
          Proud to claim 28:15 hours of TV viewing so far in 1994!





Thread