
SURFPUNK Technical Journal 096

  

Date: Sat, 21 Aug 93 15:56:22 PDT
Reply-To: <surfpunk@versant.com>
Return-Path: <cocot@versant.com>
Message-ID: <surfpunk-0096@SURFPUNK.Technical.Journal>
Mime-Version: 1.0
Content-Type: text/plain
From: surfpunk@versant.com (iveghny pbzchgre vyyvgrengr)
To: surfpunk@versant.com (SURFPUNK Technical Journal)
Subject: [surfpunk-0096] CRYPT: The Marketing of SKIPJACK (Clipper)

# .... I don't do E-mail, I'm a virtual computer illiterate,
# I don't know any hackers. I'm sort of concerned with where
# my own inner landscape intersects with contemporary urban
# reality; that's what I'm interested in. Generally
# speaking, if people want to sit down and talk about
# computers, I just go to sleep. Sort of nod out.
#
# > But your novels are often praised as celebrations
# > of hackerdom. The jacked-in computer cowboys
# > searching out hidden information...
#
# That's become the accepted interpretation. But that stuff
# is all just a metaphor. And I don't want to tell you what
# it's a metaphor for, because that's like having to explain
# a joke.
#
# -- William Gibson, interviewed in The Bay Guardian, 18Aug93

________________________________________________________________________
________________________________________________________________________

From: gnu@toad.com (John Gilmore)
Cc: cypherpunks@toad.com
Subject: Re: Cracking & auditing crypto protocols
In-Reply-To: <9308190206.AA16644@netcom.netcom.com>
Date: Sat, 21 Aug 93 08:55:45 -0700

> * A "cracker's guild" to break weak cryptography and publicize
> the cryptanalysis algorithms (cf. the Word Perfect crypto cracker),
> forcing the weak crypto off the market. For example, if
> NetCash was deployed this organization would crack it. This
> organization might be funded anonymously by those selling strong
> crypto (who have an incentive to debunk their competitor's hype).

The person who built the standard "network license manager" for Unix
(flexlm) has offered us cypherpunks access to the protocol if we'll
try to crack it.

> * A formal Crypto Auditing Agency that would verify the algorithms
> and protocols were secure, without revealing trade secrets.
> My next statement may cause hisses & boos, but I think the recent
> Crypto-Auditing of Clipper by Denning and other eminent
> cryptologists will be a model widely applied in the commercial
> computer security business. The auditors should be
> able to examine the source and run the programs without revealing
> trade secrets.

The auditing may indeed be duplicated. By marketing departments, and for
the same reason as the Denning auditing -- marketing. Solely.

There is no way that the selected group of people could crack a
half-reasonable cryptosystem in a few weeks. Real Cryptanalysts spend
months and years working on cracking cryptosystems, and none of the
panelists was a Real Cryptanalyst. We had all the details of DES,
and it took 15 years to make a dent in it.

But they fooled you -- and maybe a lot of other people -- so there *is*
a function for such review panels. Sponsoring one is a way to convince
innocent spectators who don't know better. Marketing.

John
Marketing Dept, Cygnus Support

________________________________________________________________________

From: gnu@toad.com (John Gilmore)
To: cypherpunks@toad.com
Subject: Requesting all records of the Clipper review panel
Date: Fri, 13 Aug 93 17:44:10 -0700

This is a draft, which will be sent out within a day or two.

John

Karl Bell
Deputy Director of Administration
Freedom of Information Act Officer
National Institute of Standards and Technology
Building 101, Room A-110
Gaithersburg, MD 20899

Dear Mr. Bell:

This is a request under the Freedom of Information Act
("FOIA"), 5 U.S.C. § 552, on behalf of Mr. John Gilmore for all
agency records pertaining to and utilized by the Skipjack review
panel ("Panel").

This request also requests access to records which must be
made available under the Federal Advisory Committee Act
("FACA"), 5 U.S.C. App. II (1972). Section 8(b)(2) of the FACA
requires that the supervising agency for an advisory committee
must assemble and maintain records for the committee; Section
8(b)(3) of the FACA provides that such records are subject to the
FOIA.

The Panel's review is being performed pursuant to the
President's direction that "respected experts from outside the
government [] be offered access to the confidential details of the
algorithm to assess its capabilities and publicly report their
finding." The Acting Director of the National Institute of
Standards and Technology sent letters of invitation to potential
reviewers.

This request for records includes, but is not limited to:

all records relating to the selection of the Panel members;

all records of the Panel's activities and use of funds [FACA
§ 12(a)];

the charter of the Panel [FACA § 9(c)];

all notices of Panel meetings [FACA § 10(a)(2)];

all written determinations to close any part of a Panel
meeting [FACA § 10(d)];

all records, reports, transcripts, minutes, appendices,
working papers, drafts, studies, agenda or other documents which
were made available to or prepared by the committee [FACA
§§ 10(b) & (c)].

For instance, the Panel's interim report states that:

We attended an initial meeting at the Institute for Defense Analyses
Supercomputing Research Center (SRC) from June 21-23. At that
meeting, the designer of SKIPJACK provided a complete, detailed
description of the algorithm, the rationale for each feature, and the
history of the design. The head of the NSA evaluation team described
the evaluation process and its results. Other NSA staff briefed us on
the LEAF structure and protocols for use, generation of device keys,
protection of the devices against reverse engineering, and NSA's
history in the design and evaluation of encryption methods contained
in SKIPJACK. Additional NSA and NIST staff were present at the
meeting to answer our questions and provide assistance. All staff
members were forthcoming in providing us with requested information.

All records pertaining to this and other meetings of the
Panel are included within the scope of this FOIA/FACA request.

If the requested records are not in the possession of your
agency, I ask that you forward this request to any agency that you
believe may have records that are responsive to this request. In the
alternative, I ask that you inform me of other agencies that might
have such records.

As you know, the FOIA provides that even if some
requested material is properly exempted from mandatory
disclosure, all segregable portions must be released. [5 U.S.C. §
552(b)] If any or all material covered by this request is withheld,
please inform me of the specific exemptions that are being claimed.
If any of the requested material is released with deletions, I ask that
each deletion be marked to indicate the exemption(s) being claimed
to authorize each particular withholding.

In addition, I ask that your agency exercise its discretion to
release information that may be technically exempt but where
withholding would serve no important public interest.

As you know, the FOIA provides that agencies may reduce
or waive fees if it would be "in the public interest because
furnishing the information can be considered as primarily
benefiting the public." [5 U.S.C. § 552(a)(4)(A)] Release of this
material would be of benefit to the public because of the
importance of public discussion of technology which can enhance
personal privacy.

Moreover, in previous FOIA requests to NIST, Mr. Gilmore
has amply demonstrated his ability and willingness to disseminate
such information to the general public. I therefore ask that you
waive any fees relating to this request. Mr. Gilmore promises to
pay up to $1000 in processing costs should this fee waiver be
denied, so that NIST can begin processing this request while you
rule on the propriety of this fee waiver.

If you have any questions regarding this request, please
telephone me at the above number. I would be happy to discuss
ways in which this request could be clarified or somewhat
redesigned to reflect the agency's filing system and speed the
search for records.

As provided under the FOIA, I will expect a reply within 10
working days.



Sincerely yours,



Lee Tien
On behalf of Mr. John Gilmore


________________________________________________________________________


U.S. Computer May Have Violated Export Regulations

By PAUL RAEBURN, AP Science Editor

NEW YORK (AP) -- The Digital Equipment Corp. abruptly pulled two
powerful new computers off a global computer network out of concerns
about possible export violations, even though the computers never left
the country.

The result of Digital's action was to deny U.S. computer users access
to U.S. computers operating in the United States.

Critics said the episode demonstrates how export laws intended to
regulate weapons technology are not only infringing on American civil
liberties but also stifling innovation and hurting American
businesses.

Digital said its concern was that foreigners could connect to the
computers from abroad, generate data, and illegally export it over the
Internet computer network, which carries data and electronic mail
around the world.

The computers were reconnected to the computer network on July 7, but
access is now limited to people who are screened by the company, Mark
Fredrickson, a Digital spokesman, said Friday.

The computers are not what industry would call supercomputers, but they
do fit the government definition of a supercomputer.

A former Commerce Department official who is now a trade consultant in
Washington said the connection of a supercomputer to a global network
could lead to violations of federal export regulations.

``If it was available overseas and they allowed people overseas to use
it, then technically they were allowing access to a supercomputer to
people they didn't know,'' said Paul Freedenberg, who was the Commerce
Department's undersecretary for export administration at the end of the
Reagan administration.

Freedenberg is an international trade consultant at Baker and Botts in
Washington, the law firm of former Secretary of State James Baker.

He emphasized that he had no personal knowledge of the Digital computer
hookup and that he was speaking of the regulations generally. ``I can't
say Digital violated the law, because I don't know what Digital did,''
he said.

Lee Mercer, Digital's corporate export manager, said making the
computer available was not a violation. A Commerce Department official,
speaking on condition his name not be used, agreed that making the
computer available was not a violation, but that export of data
generated on the computer would be a violation of regulations.

The computer hookup was in place for five weeks in April and May, said
Fredrickson. It was intended to give potential customers the
opportunity to test-drive the computers. It was terminated by company
executives who wanted to avoid any appearance of violating export
regulations, he said.

``None of this has been motivated by anyone from the government
suggesting that we do anything here,'' said Fredrickson. ``This was
simply our own internal people raising the possibility of concern.''

In a separate incident last year, a Digital computer ``bulletin
board'' offered access to programs for encoding computer data.

Exporting such software is a violation of federal regulations,
Freedenberg said. ``It's a technical data transfer'' that falls under
the State Department's control of munitions export, he said.

Fredrickson said the company shut the bulletin board down to ensure
that the software would not be exported illegally. ``Nothing was found
that was thought to be a concern even meriting informing the government
about it,'' he said.

Digital, the nation's No. 2 computer maker after IBM, said that 65
percent of its $14 billion in annual sales are overseas. In December
1991, the Commerce Department charged the company with 62 violations of
export laws and fined it $2.4 million.

It was the largest fine the department had imposed for export
violations. Digital agreed to pay it without admitting or denying
guilt.

The Digital computers connected to the network were two of Digital's
new AXP 4000 computers, operating in a Digital laboratory in Palo Alto,
Calif. The computers, which cost from $77,000 to $100,000, are
considered midsized computers by industry standards.

Freedenberg said that the government would probably soon revise its
outmoded standards that define those models as supercomputers and bring
them under export regulations.

Robert Kaylor, a spokesman for the Commerce Department, said the
department was prohibited by law from discussing the details of a
specific case.

Critics called for speedy revision of the export laws, which date from
the Cold War.

``Export control policies are shutting us directly out of certain
markets,'' costing U.S. businesses at least $10 billion a year in lost
exports, said Howard Lewis, vice president of the National Association
of Manufacturers.

``It's harmful to innovation, but we think it's also very harmful to
the privacy interests of American citizens,'' said Daniel Weitzner, an
attorney with the Electronic Frontier Foundation, a group concerned
with computers and civil-liberties issues.

________________________________________________________________________
________________________________________________________________________

The SURFPUNK Technical Journal is a dangerous multinational hacker zine
originating near BARRNET in the fashionable western arm of the northern
California matrix. Quantum Californians appear in one of two states,
spin surf or spin punk. Undetected, we are both, or might be neither.
________________________________________________________________________

Send postings to <surfpunk@versant.com>,
subscription requests to <surfpunk-request@versant.com>.
WWW Archive at ``http://www.acns.nwu.edu/surfpunk/''.
________________________________________________________________________
________________________________________________________________________



Internet Protocol packet size is two octets.

The procedures used in the host knows to whether such a way
of putting it is set to zero.

Note: No addresses are allocated among Research, Defense,
Government (Non-Defense) and Commercial uses.

There are several time outs involved in a network
environment. It does not specify the points of
interception. Then the center zooms into the canonical name
of the algorithm only one ADMD per country, and so we did
not find them commercially available. Examples are gateways
among networks would be the same host that handles mail on
this class are reserved for future allocation by joint
agreement of ISO layers which can then manipulate that
composite as a separate table is updated to reflect revised
Multimedia Syntax

The SPECIFICATION identifies the documents specifying the
reason for disabling this SIMP-host link that it evolve
into a host to send mail to repository users rely on the
main body of the hosts in the introduction. Process groups
are also now supported for both systems to be connected to
the right name is--after setting an appropriate
modification of the original ARPANET Host/IMP interface is
very attractive, their low speed network interconnection
with personal computers, and possible methods of
distributing such news: the Internet Protocol.

NVFS

The sending NETBLT has to be available to the sender must
time out on the contents of the Outboard Processing
approach has the following diagram:

3 +---+ ----------->| F |

Figure 4-1. SYNCH Packet Format

ISO 8348 Information processing systems - Open systems
interconnection - Basic mode control procedures (see
12.2.1.2) are used in classes 1, 2, 3, 4 set to one (1) to
eight (8), where bit one (1) then segmentation has taken
effect.

2.5.1. Specialized Usage

There is one outside the site. The pathname of the called
address, and any two-way traffic, such as HMP described in
the workstation to the recommendations of the same format
as the value 170 (decimal).

0 0 1 1 0 1 0|1 1 1 0 2 2 4



-- markov3 rfc9[0-9][0-9]
