From: Loren James Rittle <rittle@comm.mot.com>
To: Jim_Miller@bilbo.suite.com
Message Hash: fa086530019b208d52cc5e6edc7dd9b98747dbab121c20d5360bb4349c9cd035
Message ID: <9512140210.AA12418@supra.comm.mot.com>
Reply To: <9512132111.AA18490@bilbo.suite.com>
UTC Datetime: 1995-12-14 04:50:13 UTC
Raw Date: Thu, 14 Dec 1995 12:50:13 +0800
From: Loren James Rittle <rittle@comm.mot.com>
Date: Thu, 14 Dec 1995 12:50:13 +0800
To: Jim_Miller@bilbo.suite.com
Subject: Re: Attacking Clipper with timing info?
In-Reply-To: <9512132111.AA18490@bilbo.suite.com>
Message-ID: <9512140210.AA12418@supra.comm.mot.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
>From: jim@bilbo.suite.com (Jim Miller)
>Date: Wed, 13 Dec 95 15:10:25 -0600
>Could this timing attack be used to obtain the various keys used by
>Clipper devices?
Jim,
Without having the details of the algorithm, I suspect the answer is
'remotely possible, at best'.
However, to extend what I suspect you were getting at:
It would be very interesting to determine if the NSA knew about this
crypto-design problem and put effort into making Clipper chips resistant
to this timing based attack. Without access to internal documents,
I suspect this would be hard to determine. We could learn something
about the NSA by studying the Clipper chip (or the follow-on PCMCIA
product containing SKIPJACK, Capstone).
If it could be shown that Clipper chips require a different amount of
time/current to encode/decode traffic, then we could conclude one of
the following:
(A1) The NSA knew about the problem, expected to be able to use the
behavior as an illegal backdoor and thus did nothing to close it.
(A2) The NSA knew about the problem, expected that no one (including
themselves) would be able to exploit the behavior, and thus did
nothing to close it.
(A3) The NSA didn't know about the problem.
Conclusions A1 and A3 would tend to make the NSA look bad. A2
would be fine, if the NSA expectation was found to be valid. To
restate, without internal documents, outsiders would have little
ability to determine which conclusion to draw even if differences
in behavior were detected.
If it could be shown that Clipper chips require a fixed amount
of time/current to encode/decode traffic, then we could conclude
one of the following:
(B1) The NSA knew about the issue and compensated for it.
(B2) The NSA didn't know about the issue and got lucky.
I discount B2 as a valid option. Actually, if the answer was B1,
my respect for the NSA would creep up a notch. :-)
Regards,
Loren
- --
Loren J. Rittle (rittle@comm.mot.com) PGP KeyIDs: 1024/B98B3249 2048/ADCE34A5
Systems Technology Research (IL02/2240) FP1024:6810D8AB3029874DD7065BC52067EAFD
Motorola, Inc. FP2048:FDC0292446937F2A240BC07D42763672
(708) 576-7794 Call for verification of fingerprints.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMM+HTf8de8m5izJJAQGWJwP8CUJIagN5cyZhRc9Qxq4+u4d/1H7wfAzi
OKa+m4XlfEsCKxF9x6vnYXcC2jGKpU43RbCVsLN/FLJjptWuBczXzPMdS1Uu0nPU
yVWse7eVx0Jl0dbTpUxm0Z966G4cwmnX0Npq6BnVFlp7mNFJGZv157K17vsHwvYB
apf4IwtPqdI=
=CDP6
-----END PGP SIGNATURE-----
Return to December 1995
Return to ““Mark M.” <markm@omni.voicenet.com>”