
RISKS DIGEST 16.12

daemon@ATHENA.MIT.EDU (RISKS Forum)
Wed Jun 8 17:37:02 1994

From: RISKS Forum <risks@csl.sri.com>
Date: Wed, 8 Jun 94 14:31:39 PDT
Reply-To: risks@csl.sri.com
To: RISKS-LIST:;@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Wednesday 8 June 1994  Volume 16 : Issue 12

         FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for information on RISKS (comp.risks) *****

  Contents:
RISKS OF RISKS again (PGN)
Hazards of the real-time switchover of a prison system (Ray T. Stevens)
Campaigns and Elections (Phil Agre)
Library fines unstoppable after earthquake (Geoff Kuenning)
Flames and viruses in e-mail - article in the New Yorker (Martin Minow)
Tetris addiction? (Mich Kabay)
Re: Closed Doors in Glasgow  - Trapped Guard Dies in Fire (John Vilkaitis)
Re: Risks of too-simple responses (UK ATM Spoof) (Henry J. Cobb, 
    Mathew Lodge, Jerry Leichter)
Re: Clipper (Gene Spafford, Sidney Markowitz [2], A. Padgett Peterson,
    Paul Carl Kocher)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.  

----------------------------------------------------------------------

Date: Wed, 8 Jun 94 12:00:01 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: RISKS OF RISKS again

Sorry for the inconvenience on RISKS-16.11 for those of you who got a
truncated original, and apologies for the duplicate in case any of you
actually got an untruncated original copy.  Our gateway was timing out on even
moderately sized outgoing mail and FTPed files (also preventing me from
updating the CRVAX archive copy).

------------------------------

Date: 04 Jun 94 15:56:30 EDT
From: "Ray T. Stevens" <74074.1746@CompuServe.COM>
Subject: Hazards of the real-time switchover of a prison system

Our local newspaper, The Herald Times, had a several page spread on the
problems relating to a switchover of the local prison to a new control system.
Given the length of the spread, and considering that most of it was human
interest and not technical, I summarize it here.

The prison is being switched from a mechanical to a fully automated system,
and this is being done while it contains prisoners.  The jailers are
complaining about huge amounts of overtime, and spending the whole day "on a
dead run".

One incident of a technology breakdown was especially insightful.  The lights
are going to be controlled by this new system, and the wiring for the new
system must be run through some of the old wire traces.  In order to safely
install the new wiring, the existing wiring had to be disconnected, for both
the lights and an intercom system so that inmates can contact the guards for
requests.  To maintain functionality, temporary wiring was used to replace the
existing wiring for the lights.  To save money, no on-off switches were
included.  The prisoners must sleep with the lights on.

One of the prisoners has sued, requesting release because of cruel and unusual
punishment.  This has been rejected.

A more serious incident occurred with another prisoner.  A light had started
to burn out, but since it couldn't be turned off, it couldn't be changed, and
it started blinking rapidly.  One of the prisoners had epilepsy, and the
blinking light triggered a seizure.  The inmate's injuries were exacerbated by
the other prisoners not being able to call for help.  Pounding on the cells
did no good, as this is a common sound in the prison.  A lawsuit is in
progress.

Another prisoner is now using this as grounds for his immediate release.  He
has a heart condition, and is claiming that this situation puts him too much
at risk.  No ruling yet.

I see one more lawsuit from this.  The best defence in a criminal case is
frequently delay.  I can see what may be a very valid comment from a
defendant's lawyer.  "I must request a continuance on the basis of temporary
incompetence of my client.  The county has been illegally depriving my client
of sleep, and he is now too sleepy to competently participate in his own
defence."  Under the right circumstances, I would say this might be worth
about a two-month delay.

------------------------------

Date: Mon, 6 Jun 1994 18:09:55 -0700
From: Phil Agre <pagre@weber.ucsd.edu>
Subject: Campaigns and Elections

I encourage everyone to have a look at an issue of the magazine "Campaigns 
and Elections".  It's a monthly, sold at many newsstands (in the US anyway),
for the people who run political campaigns.  Every issue includes numerous
references to the growing role of computers in campaigning.  Now I'm sure that
this trend has its good sides and its neutral sides and its complicated sides.
But inside the back cover of the May 1994 issue is an advertisement from a
political software company whose headline is "The age of individual targeting
is upon us".  In other words, everyone gets their own personalized direct-mail
pitch, based on a detailed database of information relevant to your likely
political leanings.  One use of such databases is basic demographics for
choosing issues to emphasize; another is deciding who should be approached
personally and urged to vote.

But a scarier use of such databases, not mentioned in the ad, is the tailoring
of messages to individual voters.  For example, a group of land developers 
in San Diego is promoting an initiative for tomorrow's primary election that
would open up the last parcel of wild land in San Diego to development.  Their
campaign has been incredibly sophisticated, including numerous tactics that
aren't relevant here.  The part that *is* relevant here is a letter I received
over the weekend encouraging me to vote Yes on the initiative.  Along with 
the letter were two inserts containing endorsements from the leader of the
local AFL-CIO and a Hispanic city council member from another district.  Did
the guy around the corner with the "Rush is Right" bumper sticker get the 
same inserts?  He didn't have to, if the developers had access to a suitably
"enriched" database.  In the future you won't even have to bother putting
together a coherent coalition; just find out what everybody's hot issues are
and make them all whatever promises you need to make, one by one, the Saturday
before the election, so nobody has time to compare notes.

Campaigns and Elections, 1511 K St NW #1020, Washington DC 20005, USA.
Subscriptions $30/year in the US, write for prices elsewhere.

Phil Agre, UCSD

------------------------------

Date: Tue, 31 May 94 13:31:29 -0700
From: geoff@FICUS.CS.UCLA.EDU (Geoff Kuenning)
Subject: Library fines unstoppable after earthquake

From an article by Rebecca Bryant in the Los Angeles Times Valley
Section, Thursday May 19th:

The Los Angeles City library system is sending out overdue notices for books
that had been checked out before the January 17th earthquake.  The only
problem is that readers have been told that they can hang on to their books
until the damaged branches reopen.

"Now wait a minute," writes Bryant.  "Who[m] do you believe?  The library?
Or, uh, the library?"

The problem arose because the computer system used to generate the notices
does not allow notices to be selectively disabled based on the branch at which
the book was originally checked out.  The only way to stop the notices would
be to stop sending notices for all branches.  But many branches remain open,
and of course there are always delinquent readers.  According to Robert
Reagan, a library spokesman, the system is due to be replaced soon.  Although
the article does not state this explicitly, there is an implication that the
new system will support better per-branch control.

This is in many ways not just a computer risk.  The original programmers,
designing an integrated system, can be forgiven for failing to predict the day
when their customers would want to shut down only half of it, based on
unforeseen criteria.  Furthermore, it is easy to imagine an integrated manual
system with the same (if you will excuse the expression) fault.

Nevertheless, readers are confused and the library is embarrassed.  I guess
it's a pretty minor, though amusing, footnote to a major disaster.

	Geoff Kuenning	geoff@ficus.cs.ucla.edu	geoff@ITcorp.com

------------------------------

Date: Sat, 4 Jun 94 13:42:43 -0700
From: Martin Minow <minow@apple.com>
Subject: Flames and viruses in e-mail - article in the New Yorker

RISKS readers might find John Seabrook's article in the June 6, 1994
issue of the New Yorker interesting. He had previously written a profile
of Bill Gates, chairman of Microsoft (January 10, 1994) and received
an obscene and obnoxious message from "a technology writer who does a
column about personal computers for a major newspaper."

In true New Yorker tradition, Seabrook used this message as a vehicle to
comment on network etiquette and on the possibility that some strange aspects
of the message might indicate that the message contained a "worm" or "virus."
(My own reading of the evidence presented is that there is nothing to worry
about.)

Of particular interest to Risks readers might be Seabrook's fear that any
strangeness in the message might indicate an attack, and on the general way in
which extending the net to "an estimated twenty-three million users ... ten
million of which have come on-line in the last nine months" has affected the
culture of network communications.

RISKS readers -- at least those of us who have been around since the net was a
self-regulated anarchy -- will find his comments on the way this anarchy is,
or soon will be, dying away very interesting.

Martin Minow  minow@apple.com

------------------------------

Date: 28 May 94 21:41:39 EDT
From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@CompuServe.COM>
Subject: Tetris addiction?

From a Canadian newspaper, _The Globe and Mail_, 28 May 1994, p. D1:

<<Stay out of the laundry room, son, your mother is playing Tetris: Computer
software houses want to know why grown women are transfixed by one particular
video game.  Psychologists have been hired.>>

by Jim Carlton of the Wall Street Journal

<<Nintendo Co., master peddler of cyberpuzzles to young boys, has a riddle of
its own: Why are so many grown women hooked on Tetris, the geometric video
game?  Fourteen-year-old Bobby Meade would certainly like to know.  "Almost 24
hours a day she plays Tetris," the Johnstown, Ohio boy writes of his mother in
a letter to Nintendo.  "I can't hardly play more than one game a day."  Peggy
Rudden's family would also like to know.  "My husband thinks I'm hooked on
it," says 46-year-old mother of six in Englewood, Colo., who plays in her
laundry room, away from the kids.>>

The author continues with the following key points:

<<begin summary>>

o Nintendo estimates that 40% of the purchasers of its handheld video game,
Game Boy, are women--twice the percentage of women buyers of other game
machines. Nintendo guesses that the difference may be due to the Tetris game
bundled into the Game Boy.

o Several anecdotes are presented about women who enter trance-like states as
they play the game.

o Seattle psychologist Barbara Mackoff works for Nintendo; she thinks that
busy women see Tetris as "a mind-soothing break."

o Gini Graham Scott is a sociologist from Oakland, CA who also works for
Nintendo. She wonders if "neatly aligning Tetris' falling clusters" is
peculiarly satisfying to women because of their "craving for order."

o Dr Scott also wonders if Tetris appeals to women's "holistic way of seeing
things."

o Dr Mackoff warns that playing compulsively with Game Boy can lead to
"driven, pleasureless participation that excludes socializing and other
creative forms of relaxation."

o One woman wrote to Nintendo in alarm because her mother, a 66-year-old
retired teacher, now spends an average of five hours a day playing Tetris.
Her reading has fallen from two books a week to two books a month.  Her mother
doesn't think there's anything wrong.

<<end of summary>>

[MK comments:

1) There is no convincing evidence provided in this article about the
supposedly different rates of addiction or compulsion to Tetris by men and by
women.  The article simply relates anecdotes and speculation.

2) Professor Mihaly Csikszentmihalyi of the University of Chicago has been
studying what he terms "autotelic" behaviour for many years.  Examples include
computer programming, rock-climbing, many competitive sports, running, making
models and so on.  The essential attributes of an autotelic activity are that
it is repetitive, is at the limits of one's skill, and provides many
opportunities for measuring progress or achievement.  When in the midst of an
autotelic activity, Prof. Csikszentmihalyi explains, one loses track of time
and even of normal body responses such as hunger or tiredness.

Programmers who have said to themselves (or their spouses), "Just one more
compile and then I'll come home" and then found themselves fourteen compiles
and three hours later have experienced what Csikszentmihalyi calls "Flow" (the
title of one of his recent books*).

Participating in this Forum, for example, is an autotelic activity.  I have to
consciously govern how often I log on to check on new messages.  Left to
uncontrolled impulse, I might end up online all the time--to the detriment of
the rest of my life and with severe consequences for my marriage (here my wife
concurs vigorously).

Computer games are analogous to any other kind of game.  However--and this is
sheer speculation--the combination of speed, colour, sounds and control may
make the games even more likely to cause Flow than mechanical games do.
Consider, for example, the attraction of mechanical pinball vs games with
marbles; or of a mechanical shooting gallery compared with a video gun game.
Another factor may increase addictiveness: computer-controlled games often
increase their difficulty as a function of the player's skill; this tendency
puts them in line with Csikszentmihalyi's ideas about Flow.

I wonder if the propensity for flaming is an expression of Flow?  Do people
provide a positive feedback loop simply by seeing their own expressions of
anger or dislike?  Devoid of other people's reactions while they write,
perhaps flamers reach a paroxysmal state of rage and bliss all by themselves.

Finally, the same phenomena may be part of the attraction of role playing
games, discussed in RISKS some months ago in connection with a young man who
became addicted to his fantasy world.]

Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn

*Csikszentmihalyi, M. (1990).  _Flow: The Psychology of Optimal Experience_.
Harper and Row (New York).  ISBN 0-06-016253-8. xii + 303 pp. 

------------------------------

Date: Sat, 4 Jun 1994 00:37:06 -0700
From: javilk@netcom.com (John Vilkaitis)
Subject: Re: Closed Doors in Glasgow  - Trapped Guard Dies in Fire

    Failure to provide a reliable emergency exit is usually a violation of
local fire and other ordinances. The RISK is civil and criminal prosecution,
not MERELY lost sales.

    This, and many other seemingly senseless problems have at their root, a
failure of the analyst to IMAGINE HIMSELF using the system.  Sometimes this is
the fault of the analyst, often it is simply because management refused to
give the analyst (or the programmer) time to calmly "daydream" himself using
the system and encountering typical situations and problems.  If you cannot
imagine in your head what you are building, you RISK building trash, often
dangerous trash.

        "Imagination is more important than facts" - Albert Einstein

   It takes both FACTS and IMAGINATION to build good systems, but no one seems
to teach us to use the broader power of our imagination, insisting we use the
far narrower term "THINKING".

-JVV- (J. Vilkaitis,  javilk@netcom.com, 408-983-0518 voice/fax)

  [John, I guess you have to be THIN-KING to slip through the emergency exit. 
  See my article, Psychosocial Implications of Computer System Development
  and Use: Zen and the Art of Computing, in Theory and Practice of Software
  Technology, D. Ferrari, M. Bolognani, and J. Goguen, eds., North-Holland,
  1983, for a discussion of how both left-brain and right-brain activities
  must be used and properly integrated.  PGN]

------------------------------

Date: Wed, 1 Jun 1994 19:52:49 -0700
From: "Henry J. Cobb" <hcobb@fly2.berkeley.edu>
Subject: Re: Risks of too-simple responses (UK ATM Spoof) (RISKS-16.10)

	Jerry Leichter suggests that ATMs be "hardened" to spoofery by reading
the "noise" built into the card during manufacture rather than the digital
signals encoded on them.

	The risk to this is once the scanner that detects the noise is out in
the field in large numbers, it becomes just another fixed system to spoof.

	Before you counter with "We'll just push down to the quantum level!"
consider if you'd want real people in the real world walking around with cards
depending on this. (And please no "Are you displeased to see me, or is that
just a quantum in your pocket?" jokes from the moderator.)

	Digitally secure smartcards are not only the geek thing to do, they're
the right thing to do.  As for the installed base of "dumb" cards, this can be
wiped clean by proper legislation or simple liability.  All that is needed is
to abolish the NSA and go back to being a free nation.

------------------------------

Date: Fri, 3 Jun 94 17:22:47 BST
From: Mathew Lodge <lodge@ferndown.ate.slb.com>
Subject: Re: Risks of too-simple responses (UK ATM Spoof) (RISKS-16.10)

Perhaps Jerry has never been to France. All French credit cards are smart
cards, and have been in mass use for several years now. The French don't
seem to be having any problems with fragility or expense.

As to backward compatibility, this is solved by the extraordinarily simple
measure of allowing the card readers to deal with both smart cards and
ordinary magnetic stripe cards. Thus I can use my Visa card in France with 
no problem (the only difference is that there is no immediate validation
using my PIN as there is for smart cards).

> In practice, my bet is that we will *never* see the replacement of magnetic
> stripe cards by smart cards.

I think this is a little too pessimistic.

Mathew Lodge, Software Engineer, Schlumberger Technologies, Ferndown, Dorset, 
UK, BH21 7PP	lodge@ferndown.ate.slb.com   +44 (0)202 893535 x404

------------------------------

Date: Fri,  3 Jun 94 22:07:00 EDT
From: Jerry Leichter <leichter@lrw.com>
Subject: Re: UK ATM Spoof (Cobb, Lodge, RISKS-16.12)

On Henry J. Cobb's fixed system to spoof:

We've been using pin-tumbler and mechanical combination locks for many, many
years.  In fact, that's exactly what protects the money actually stored inside
of ATM's - along with fairly simple electrical alarms, which haven't changed
much in many years either.  All "just another fixed system to spoof".

Clearly the only hope is "digitally secure smartcards", a technology that
has seen all of 20 years worth of development and testing in the real world,
against real attackers.  By all means, let's convert everything immediately.
After all, these new systems are based on *digital computers*!  Clearly they
are better, more secure!  Computers never make mistakes, after all!

On Mathew Lodge's response to my statement ("In practice, my bet is that we
will *never* see the replacement of magnetic stripe cards by smart cards."),
saying that he thinks this is "a little too pessimistic":

As Mark Twain said, it's a difference of opinion that gives us horse races.
(Well, he said it better, but I don't recall the exact words.)  We've both
made our predictions.  I'll sharpen mine: Five years from now, smart cards
will represent no more than 5% of the US market for bank and charge/debit
cards; some variation of magnetic stripe technology will make up essentially
all the remaining 95%.  Shall we revisit this in 1999?

------------------------------

Date: Fri, 03 Jun 94 19:20:45 -0500
From: Gene Spafford <spaf@cs.purdue.edu>
Subject: Clipper

In today's mail I got a glossy brochure extolling Clipper.  It
promises to "Expand your creative universe with real-world solutions."

Is it a new ploy by the government to subvert our privacy?  No, it's an
advertisement by a company named Dynamic Graphics for their CD-ROM clip art
magazine.  "Clipper" is their registered trademark.

I wonder if they registered the trademark recently?  I would have pitched the
flier immediately had I not noticed the word "Clipper" in large letters.  I
can't recall hearing about them before, either....  Has "Capstone" been
registered yet, or "Tessera"? :-) On the other hand, it might be they had the
name picked out over a year ago and their business will go south as a result
of recent events.

The risk?  Naming a product something catchy just before a government agency
nicknames something unpopular the same name.  (Alternatively, there's a risk
in trying to avoid this -- naming a product "Fascist Thought Control" is likely
safe from collision, but won't help sales.  :-)

------------------------------

Date: Fri, 3 Jun 1994 20:14:29 -0700
From: sidney@taurus.apple.com (Sidney Markowitz)
Subject: Details of flaw in Clipper

I have seen lots of discussion about the New York Times report on Matt Blaze's
discovery of a flaw in Clipper's key escrow system, with more confusion than
anything else. Here is the best article that I have seen on the net explaining
exactly what Dr. Blaze has found. There's also confusion about the
implications. My understanding is that this method might allow someone with a
Clipper chip device to have a secure communication with another person with a
Clipper device that could not be decrypted by law enforcement *and* it does
not require the cooperation of the second person.  That last part is what
makes this significant, since two people can agree to just encrypt their
messages with, say PGP, if they want to be secure from law enforcement
decryption. But if Blaze's method is practical, the widespread use of Clipper
would make it harder on law enforcement by making it easier than it is now for
someone to have secure communication with people without having to plan with
them to do so.

 -- sidney markowitz <sidney@taurus.apple.com>

[begin quote of Message-ID: <PERRY.94Jun3182655@snark.imsi.com>
 crossposted to sci.crypt, talk.politics.crypto, alt.policy.clipper]

   [Run in RISKS with permission of "Perry E. Metzger" <perry@imsi.com>.  PGN]

Many people have misconceptions about what Matt did.

Based on his paper (no, you can't have a copy since he told me not to
distribute it; I'm sure he'll release it when it's ready for prime time) and
discussions with him, the trick is this.

[The Escrowed Encryption Standard is abbreviated as EES.]

The LEAF acts much as a key to tell the EES unit that it should
function. It contains three elements:

1) the 32 bit unit id of the EES unit generating the LEAF
2) the 80 bit session key, encrypted in the escrowed key for that unit.
3) a 16 bit checksum based on the unencrypted session key and the
   initialization vector (IV) for the session.

All three components are concatenated to form a 128 bit unit, which is
encrypted in the family key in order to produce the LEAF, reportedly using a
unique mode of Skipjack.

The remote unit takes in the LEAF, decrypts it with the family key, and checks
the cleartext session key and IV to see if they produce the proper 16 bit
checksum. If so, it accepts the LEAF and functions properly. Note that the
encrypted key inside the LEAF is useless to the remote EES since it doesn't
have the other EES's escrowed key. It has to rely on the cleartext session key
and IV alone to check that the checksum looks right.

Sadly for the NSA, the checksum is only 16 bits long. Given a session key and
initialization vector, I can fairly quickly generate a large number of fake
LEAFs (chosen at random) and find one that a captive EES unit will accept as
being the right LEAF for a given session key/IV. The contents of the LEAF will
be garbage, but the remote unit will not know that, and will happily go along
with using it. I needn't know the family key, or even the checksum algorithm.

The point here is, of course, that I can freely interoperate with non-rogue
EES units -- I can communicate with non-subverted units without revealing my
privates hidden beneath the LEAF. (sorry for the pun.) [*]

By the way, Matt had to figure out the components of the checksum on his own
-- the mechanism for calculating it and where it came from were not
documented.

BTW, for those who have asked, in case the preceding didn't make it clear: you
can't just reuse an old LEAF or a stolen LEAF, because the session key/IV
won't correspond and the checksum won't be right -- you have to generate and
test.

Perry Metzger		perry@imsi.com

[end quoted message]

     [*] [Turning over a new LEAF is better than if you LEAF 
         well enough alone, he suggested FIGuratively.  PGN]
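  [A toy model of the LEAF check described in Perry's note, added here as an
  illustration and not taken from Blaze's paper or from any EES code.  The
  field layout (32-bit unit id, 80-bit escrowed session key, 16-bit checksum,
  128 bits encrypted under a family key) is the one Perry describes; the
  family and escrow keys, the HMAC-SHA256 keystream standing in for the
  classified Skipjack mode, and the SHA-256-based checksum are all assumed.
  It shows the two things argued over in this issue: a captive unit that can
  only check 16 bits accepts a forged LEAF within 2^16 tries, while a LEAF
  recorded from another session is rejected because its checksum is tied to
  that session's key and IV.]

```python
import hashlib
import hmac

# Toy stand-ins for the classified Skipjack-based primitives and for the
# undocumented checksum: HMAC-SHA256 keystreams XORed onto the data.  The
# structure (32 + 80 + 16 bits under a family key) follows Metzger's note;
# the keys and the algorithms below are assumptions, not the real EES.
FAMILY_KEY = b"toy-family-key"                       # constructed
ESCROW_KEYS = {0x00001234: b"toy-escrow-key-1234"}   # constructed, per unit


def _keystream(key: bytes, label: bytes, n: int) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def checksum16(session_key: bytes, iv: bytes) -> bytes:
    """16-bit check value over the cleartext session key and IV (assumed form)."""
    return hashlib.sha256(session_key + iv).digest()[:2]


def make_leaf(unit_id: int, session_key: bytes, iv: bytes) -> bytes:
    """Genuine LEAF: unit id (32 bits) || session key under the unit's escrowed
    key (80 bits) || checksum (16 bits), all 128 bits then encrypted under the
    family key."""
    assert len(session_key) == 10 and len(iv) == 8
    escrowed = _xor(session_key, _keystream(ESCROW_KEYS[unit_id], b"escrow", 10))
    plain = unit_id.to_bytes(4, "big") + escrowed + checksum16(session_key, iv)
    return _xor(plain, _keystream(FAMILY_KEY, b"family", 16))


def open_leaf(leaf: bytes):
    """Family-key decryption: returns (unit_id, escrowed_key, checksum)."""
    plain = _xor(leaf, _keystream(FAMILY_KEY, b"family", 16))
    return int.from_bytes(plain[:4], "big"), plain[4:14], plain[14:16]


def unit_accepts(leaf: bytes, session_key: bytes, iv: bytes) -> bool:
    """All the remote unit can verify: that the 16-bit checksum matches the
    session key and IV it already holds.  It cannot read the escrowed key."""
    _, _, chk = open_leaf(leaf)
    return hmac.compare_digest(chk, checksum16(session_key, iv))


def forge_leaf(session_key: bytes, iv: bytes, max_tries: int = 1 << 20):
    """Blaze's trick: feed candidate LEAFs to a captive unit until one passes.
    Needs neither the family key nor the checksum algorithm.  With a real
    block cipher the candidates behave randomly (about 2**16 tries expected);
    with this toy XOR cipher a counter sweeps every checksum within 65536."""
    for i in range(max_tries):
        candidate = i.to_bytes(16, "big")
        if unit_accepts(candidate, session_key, iv):
            return candidate, i + 1
    raise RuntimeError("no acceptable LEAF found")


def law_enforcement_recovers(leaf: bytes):
    """With the family key and the escrow database: session key, or None if
    the unit id in the LEAF is not one that was ever escrowed."""
    unit_id, escrowed, _ = open_leaf(leaf)
    if unit_id not in ESCROW_KEYS:
        return None
    return _xor(escrowed, _keystream(ESCROW_KEYS[unit_id], b"escrow", 10))


if __name__ == "__main__":
    sk, iv = bytes(range(10)), bytes(range(8))          # constructed session
    genuine = make_leaf(0x1234, sk, iv)
    forged, tries = forge_leaf(sk, iv)
    print("genuine accepted:", unit_accepts(genuine, sk, iv),
          "-> recovered", law_enforcement_recovers(genuine) == sk)
    print("forged accepted after", tries, "tries; recovered:",
          law_enforcement_recovers(forged))
    # Replaying a LEAF recorded for a different key/IV fails the checksum.
    print("replayed genuine LEAF accepted for new session:",
          unit_accepts(genuine, bytes(10), bytes(8)))
```

  [The forged LEAF decrypts under the family key to a unit id that was never
  escrowed, so the escrow agents have nothing to look up, while the remote
  unit, which only ever sees the 16-bit check, carries on as normal.  A
  recorded LEAF from another session fails for the reason Perry gives: its
  checksum was computed over that session's key and IV, not this one's.]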

------------------------------

Date: Mon, 6 Jun 1994 19:29:45 -0700
From: sidney@taurus.apple.com (Sidney Markowitz)
Subject: Blaze's Clipper paper available via ftp

Matt Blaze is the AT&T researcher who has made the news recently for
discovering a flaw in the Clipper protocol. I saw an announcement from him
that a preliminary draft of his paper "Protocol Failure in the Escrowed
Encryption Standard" is available via anonymous ftp from research.att.com in
the file /dist/mab/eesproto.ps in PostScript format. He cautions that there
will be a final version of the paper which will likely include additional
material on the production version of the PCMCIA card, and that this draft is
based on his examination of a prototype card.

 -- sidney markowitz <sidney@apple.com>

------------------------------

Date: Sat, 4 Jun 94 22:35:29 -0400
From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: Flaw ? in Clipper

This has already gotten out of hand on the Usenet. In simplest terms, what
Matt Blaze found is that it is possible to spoof a CLIPPER LEAF (law
enforcement access field).

IMHO this is almost meaningless since *both* ends will need to do this (AFAIR
each side sends a LEAF. If only one LEAF is spoofed, it will just be 
necessary for a legal tapper to use the other one).

Thus to be effective, both ends will need special spoofing equipment and in
that case they might as well use something other than Clipper. Even better use
something different but prefix a valid Clipper LEAF. Right. Remember Occam's
Gillette.

Dr. Blaze also mentioned that it would take about 20 minutes to come up with a
valid checksum. Much easier would simply be to record a valid LEAF from
another chip and use that.

The most important element is that the SKIPJACK algorithm is in no way
affected by this and is as strong as ever, only the government's ability to
use the LEAF may be compromised.

I still expect the government to drop key escrow when the hardware is ready
and that there will still be two means available to defeat Clipper available
to the government - without using any backdoor/trapdoor and without any
weakness in SKIPJACK (see my earlier postings - one is similar to the way GSM
can be tapped now).

Personally, I feel that Clipper is a valuable mid-range low-announced-cost
device that is "good enough for government work". PGP or triple DES used in
combination with Clipper is a viable next step up.

Padgett

P.S. Anyone notice Enigma-Logic's announcement of a one-time-password-token
   emulation for the PC @ US$10/user (maybe less) ? Certainly an answer to
   sniffers.

------------------------------

Date: Tue, 7 Jun 1994 03:19:55 -0700
From: Paul Carl Kocher <kocherp@leland.Stanford.EDU>
Subject: Re: Flaw in Clipper detected (Huggins, RISKS-16.11)

Although I doubt people will modify devices with hard-wired Clipper chips,
this seems to be a very serious blow to Tessera (the government's PCMCIA
card with a Clipper chip).

Tessera has a standard programming interface that passes the programmer's
calls to the encryption card.  Any experienced assembly language programmer
could easily add "support" for Blaze's technique for bypassing the LEAF (Law
Enforcement Access Field) validation check.  This could be done transparently
and without significantly impacting performance.  It could also fix up the
side effects of the attack (e.g. the first block is bad in CBC mode, etc).
Under MSDOS this could be done with a TSR that would intercept calls to the
card directly, so it would work with all Tessera applications.  The same TSR
could also substitute pre-computed and/or brute-forced LEAFs for
interoperability with non-cheating users.

We were told that the reason for having escrowed keys and a secret algorithm
was to keep terrorists from having strong crypto.  Now the bad guys have
full-strength SkipJack, the public has a flawed "standard," and because the
algorithm is classified we can't look for other problems.  I'm also wondering
what's going on inside NSA -- DSS originally had alarmingly-small keys and has
been widely criticized, SHA was defective, and now this...

-- Paul Kocher  kocherp@leland.stanford.edu

------------------------------

Date: 31 May 1994 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.  

EXCERPT.  SEE OTHER ISSUES FOR FULL STATEMENT.

 The RISKS Forum is a moderated digest.  Its USENET equivalent is comp.risks.
 Undigestifiers are available throughout the Internet, but not from RISKS.  

 SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
 your system, if possible and convenient for you.  BITNET folks may use a 
 LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS.  U.S.
 users on .mil or .gov domains should contact <risks-request@pica.army.mil> 
 (Dennis Rears <drears@pica.army.mil>).  UK subscribers please contact 
 <Lindsay.Marshall@newcastle.ac.uk>.  Local redistribution services are 
 provided at many other sites as well.  Check FIRST with your local system or 
 netnews wizards.  If that does not work, THEN please send requests to 
 <risks-request@csl.sri.com> (which is not automated).  

 CONTRIBUTIONS: to risks@csl.sri.com, with appropriate,  substantive Subject:
 line, otherwise they may be ignored.  Must be relevant, sound, in good taste,
 objective, cogent, coherent, concise, and nonrepetitious.  Diversity is 
 welcome, but not personal attacks.  [...]

 ARCHIVES: "ftp crvax.sri.com<CR>login anonymous<CR>YourName<CR> cd risks:<CR>
 Issue j of volume 16 is in that directory: "get risks-16.j<CR>".  For issues
 of earlier volumes, "get [.i]risks-i.j<CR>" (where i=1 to 15, j always TWO 
 digits) for Vol i Issue j.  Vol i summaries in j=00, in both main directory
 and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye<CR>" 
 logs out.  CRVAX.SRI.COM = [128.18.30.65]; <CR>=CarriageReturn; FTPs may 
 differ; bitftp@pucc.Princeton.EDU and WAIS are alternative repositories.

------------------------------

End of RISKS-FORUM Digest 16.12 
************************
