1996-12-25 - Re: clipper plans 4 sale (was Re: Earl Edwin Pitts, $224,000)

Header Data

From: “Vladimir Z. Nuri” <vznuri@netcom.com>
To: Adam Shostack <adam@homeport.org>
Message Hash: b85d82798048a78c70dab54dbb1f3bec42b570281439bd637481748d28f02dac
Message ID: <199612251916.LAA17341@netcom13.netcom.com>
Reply To: <199612242119.QAA16490@homeport.org>
UTC Datetime: 1996-12-25 19:16:43 UTC
Raw Date: Wed, 25 Dec 1996 11:16:43 -0800 (PST)

Raw message

From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 25 Dec 1996 11:16:43 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: clipper plans 4 sale (was Re: Earl Edwin Pitts, $224,000)
In-Reply-To: <199612242119.QAA16490@homeport.org>
Message-ID: <199612251916.LAA17341@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


[publish skipjack]
>
>	Right now, we're shooting to make the ITARs irrelevant by
>saying things like 'IDEA is Swiss, and when we can't export it from
>the US.  What does that do to competitiveness?'  We can't make that
>claim about Skipjack.  Skipjack is an NSA designed cipher which the
>agency probably expects will be publicised.

they spent millions of dollars to hide the encryption on the chip--
using state-of-the-art technology from what I understand. it would have
been far cheaper not to have done this.  also, the
chip manufacturer was under very high security. 

so, seems like exactly
the opposite to me-- they don't want it to be publicized. in fact
when it was first released there was some verbiage in the documents
about how the chip design would be used to prevent such an amazingly
powerful algorithm from getting into private hands without 
"appropriate safeguards". so I don't buy your theory.

publishing skipjack would be a very, very significant cpunk victory.
recall that DES was slightly redesigned by the NSA, and about 20
years later it was discovered it was done to possibly make it
less vulnerable to "differential cryptoanalysis". 20 years later!
that suggests that the NSA may be up to 20 years ahead of public/academic
crypto research, at least at that point.

anyway, my point is that if skipjack was published, similar insights
into what the NSA is thinking would be available. can you point to
an algorithm other than DES officially sanctioned by NSA? skipjack
is even better, it was *built* by them, and apparently to be highly
secure. the insights available to private researchers after studying
the algorithm would be very significant imho. it would be a snapshot
made very recently of what the nsa considers a state-of-the-art
encryption algorithm. especially useful considering that DES is
about to die and people are looking for alternatives.

note that many people suspect Skipjack is very similar to the DES
in that it is built out of Sboxes and Pboxes. so in that sense
the basic design is probably not all that different. it would be
disappointing if it wasn't different from DES in some interesting
way. I doubt this would be the case.





Thread