9.10.1. Clipper chip fabrication details
+ ARM6 core being used
- but also rumors of MIPS core in Tessera
- MIPS core reportedly being designed into future versions
- National also built (and may operate) a secure wafer fab
line for NSA, reportedly located on the grounds of Ft.
Meade--though I can't confirm the location or just what
National's current involvement still is. May only be for
medium-density chips, such as key material (built under
secure conditions).
9.10.2. "Why is the Clipper algorithm classified?"
- to prevent non-escrow versions, which could still use the
(presumably strong) algorithm and hardware but not be
escrowed
- cryptanalysis is always easier if the algorithms are known
:-}
- general government secrecy
- backdoors?
9.10.3. If Clipper is flawed (the Blaze LEAF Blower), how can it
still be useful to the NSA?
- by undermining commercial alternatives through subsidized
costs (which I don't think will happen, given the terrible
PR Clipper has gotten)
- mandated by law or export rules
- and the Blaze attack is--at present--not easy to use (and
anyone able to use it is likely to be sophisticated enough
to use preencryption anyway)
9.10.4. What about weaknesses of Clipper?
- In the views of many, a flawed approach. That is, arguing
about wrinkles plays into the hands of the Feds.
9.10.5. "What are some of the weaknesses in Clipper?"
- the basic idea of key escrow is an infringement on liberty
+ access to the keys
- "
+ "There's a big door in the side with a
- big neon sign saying "Cops and other Authorized People
Only";
- the trapdoor is the fact that anybody with a fax
machine can make
- themselves and "Authorized Person" badge and walk in.
<Bill Stewart, bill.stewart@pleasantonca.ncr.com, 4-15-
94, sci.crypt>
- possible back doors in the Skipjace algorithm
+ generation of the escrow keys
-
+ "There's another trapdoor, which is that if you can
predict the escrow
- keys by stealing the parameters used by the Key
Generation Bureau to
- set them, you don't need to get the escrow keys from
the keymasters,
- you can gen them yourselves. " <Bill Stewart,
bill.stewart@pleasantonca.ncr.com, 4-15-94, sci.crypt>
9.10.6. Mykotronx
- MYK-78e chip, delays, VTI, fuses
- National Semiconductor is working with Mykotronx on a
faster implementation of the
Clipper/Capstone/Skipjack/whatever system. (May or may not
be connected directly with the iPower product line. Also,
the MIPS processor core may be used, instead of the ARM
core, which is said to be too slow.)
9.10.7. Attacks on EES
- sabotaging the escrow data base
+ stealing it, thus causing a collapse in confidence
- Perry Metzger's proposal
- FUD
9.10.8. Why is the algorithm secret?
9.10.9. Skipjack is 80 bits, which is 24 bits longer than the 56 bits
of DES. so
9.10.10. "What are the implications of the bug in Tessera found by
Matt Blaze?"
- Technically, Blaze's work was done on a Tessera card, which
implements the Skipjace algorithm. The Clipper phone system
may be slightly different and details may vary; the Blaze
attack may not even work, at least not practically.
- " The announcement last month was about a discovery that,
with a half-hour or so of time on an average PC, a user
could forge a bogus LEAF (the data used by the government
to access the back door into Clipper encryption). With such
a bogus LEAF, the Clipper chip on the other end would
accept and decrypt the communication, but the back door
would not work for the government." [ Steve Brinich,
alt.privacy.clipper, 1994-07-04]
- "The "final" pre-print version (dated August 20, 1994) of
my paper, "Protocol Failure in the Escrowed Encryption
Standard" is now available. You can get it in PostScript
form via anonymous ftp from research.att.com in the file
/dist/mab/eesproto.ps . This version replaces the
preliminary draft (June 3) version that previously occupied
the same file. Most of the substance is identical,
although few sections are expanded and a few minor errors
are now corrected." [Matt Blaze, 1994-09-04]
By Tim May, see README
HTML by Jonathan Rochkind