[14692] in Cypherpunks
Re: Faster way to deescrow Clipper
daemon@ATHENA.MIT.EDU (bill.stewart@pleasantonca.ncr.com )
Fri Jun 3 13:10:24 1994
Date: Fri, 3 Jun 94 13:03:37 EDT
From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
To: cypherpunks@toad.com
> > ...not be able to decrypt the communications, but they still get your ID.
> >"your ID"? You mean your phone's ID. Goodness gracious, if you were
> >a criminal, you wouldn't go out and steal someone else's Clipper
> >phone, would you? Let's not get too high tech here, just because we
> >have the ability.
>
> Or you could just steal someone else's LEAF, by keeping a copy of it, and use
> that for spoofing. Then you could have a valid IV too...
The IV is session-dependent, and both ends generate it.
We don't know where in the LEAF the chipid is, but if they
use a fixed format and don't do a key-dependent permutation of the LEAF bits,
it shouldn't be hard to figure out (unless the checksum comes first
and they use a block-chaining encryption, in which case you know you lose.)
That would let you create rogue LEAFs with known users' chipids,
which would be interesting - does anyone want to make 65536 calls to
clipperphone@whitehouse.gov :-) ? (Yeah, it's not quite that simple.)
(If you do need a lot of data, cellphones are a good source,
since the cellphone operators' chipids are likely to be wellknown,
though rapidly tapped.)
Paranoid-speculation-mode: Of course, if you can forge LEAFs with
their chipid, they can forge LEAFs with yours, which could be used
to manufacture interesting evidence....
Bill
