Nope, the NSA isn't sitting in front of a supercomputer hooked up to a terrorist’s hard drive

Not since the days of the US Clipper chip in the early 1990s have backdoors put there by government decree to bypass encryption been this fashionable with governments. Clipper – an encryption chipset with a US-government-accessible backdoor backed by the US National Security Agency (NSA) – foundered on the stubborn resistance …

  1. MJI Silver badge

    How are they going to make sure the "enemy" buys back door kit?

    So they mandate that the US, say, has them, but what about everyone else?

    1. The Man Who Fell To Earth Silver badge
      Black Helicopters

      Little guy

      "While big organisations can overlay their own encryption on cloud, that’s not true of all services."

      Individuals can also put their own encryption overlays on cloud storage, and should be doing so now anyway. Some services, like nCrypted Cloud & Boxcryptor, are free for individuals.

      1. Missing Semicolon Silver badge
        FAIL

        Re: Little guy

        Such overlaying of unbackdoored encryption over a legal backdoored cloud encrypted system will simply be illegal.

    2. 2+2=5 Silver badge
      Joke

      Re: How are they going to make sure the "enemy" buys back door kit?

      > How are they going to make sure the "enemy" buys back door kit?

      By giving the design to China to implement in everything.

      1. Captain Obvious

        Re: How are they going to make sure the "enemy" buys back door kit?

        You beat me to the punch - was getting ready to post similar content but you were faster :)

      2. Anonymous Coward

        'By giving the design to China to implement in everything'

        China helps shed light on the types of people Govt really want to target backdoors at. Slurprisingly it's not terrorists or actual bad guys, it's more likely to be activists and journalists etc:

        ________________

        "AI-powered CCTV for automated facial recognition and population monitoring is widely used in China, with English-language propaganda from the Communist country being carefully sanitised to make it appear that the tech is only used to catch criminals and boost public safety. In reality the system is used by the State to hunt down and capture those who might embarrass officials, among others."

        ________________

        https://www.theregister.co.uk/2018/09/04/5g_west_midlands_testbed_50m/

      3. GnuTzu Bronze badge

        Re: How are they going to make sure the "enemy" buys back door kit?

        The Orwellian nightmare is coming. When they finally wake up and realize what will be needed to enforce this, they'll either back off or burn the Constitution. Which do you trust them to do?

      4. Mark 85 Silver badge

        Re: How are they going to make sure the "enemy" buys back door kit?

        > By giving the design to China to implement in everything.

        Not just the design, but the keys also.

    3. Peter Galbavy

      Re: How are they going to make sure the "enemy" buys back door kit?

      In these scenarios the targets are citizens and residents of the five eyes nations - extra-territorial spying is a different game entirely.

    4. Eddy Ito Silver badge

      Re: How are they going to make sure the "enemy" buys back door kit?

      Fortunately the Ozzie gov't put out this helpful little PSA. You might want headphones to watch the vid if you're at work.

    5. DCFusor Silver badge

      Re: How are they going to make sure the "enemy" buys back door kit?

      Simples, make using kit without a backdoor a jail-able offence or equivalent.

      After all, you have nothing to hide, right?

      They already can force a password to be revealed in some cases. Forgetting is contempt of court.

    6. Jaybus

      Re: How are they going to make sure the "enemy" buys back door kit?

      Quite plainly, it is a stupid proposal. Access to keys stored at the ISP doesn't accomplish much. In any end-to-end encryption system, such as with OpenVPN, the ends each have sole access to their private key. The ISP cannot possibly grant anyone access to it.

  2. Paul Crawford Silver badge

    And for the rest of the world?

    Thing is if the 5-eyes get together and demand that companies in these regions give them this back door, what will the rest of the world do?

    1) Say "It's a fair cop, we trust you, here you go gov'ner"

    2) Say "No 5-eyes software or services here" and thus provide a gov-mandated alternative for EU/Russia/China/India/etc

    1. Just Enough

      Re: And for the rest of the world?

      You honestly think that Russia/China aren't implementing the same?

      1. jmch Silver badge

        Re: And for the rest of the world?

        All it needs is one jurisdiction that values privacy very highly and won't be bossed about, like the EU or Switzerland, in which a company can set up data centers supporting end-to-end encryption for applications like email, instant messaging, file sharing etc.

        Anyone in the US or a 5-eyes country can have an account with such a service, and 5-eyes can't do anything about it unless they want to go the full China-style Great Firewall. Even then, using VPNs, TOR etc can get around it.

        I understand what the spooks want, and why, and I even get the historical justification about law enforcement in a modern democracy where warrants are an important part of the legal framework. But what actually will result if they get mandated 'legal access' to any systems based in their jurisdictions is that criminals will use other systems, normal users will get more paranoid, and the Internet will be effectively broken up into a number of subnets split by political bloc.

        1. Ken Hagan Gold badge

          Re: And for the rest of the world?

          "I even get the historical justification about law enforcement in a modern democracy where warrants are an important part of the legal framework."

          Law enforcement has never had (even with a warrant) access to the contents of someone's head. (That's not to say it has never tried. The resulting societies have not been fun places to live.) Likewise it has never had access to the vast majority of private conversations between people. Somehow it has managed.

      2. stiine Bronze badge

        Re: And for the rest of the world?

        @Just Enough: Don't you think they've already done this? We know that China has.

  3. Anonymous Coward

    Am I being thick ?

    Let's assume that any proprietary encryption system - be it Skype, Whatsapp or whatsever is tainted.

    Is there not a solution by simply adding another layer - of known, good encryption - over the top ?

    Rinse and repeat ?

    Moreover, is there not scope for an encryption technique which uses two passkeys, and which renders an anodyne innocent message when supplied with the "duress key" ? Off the top of my head, embedding a simple* text message (which could be a URL which leads to another ...) in a nude selfie and then encrypting that. Few people would be able to argue a nude selfie is an odd thing to encrypt and if the steganography is done correctly** there's no trace of the other message.

    *"Simple" - most bad guys fall down here and make things waaaaaaaaaay too complex

    ** Aye, there's the rub ...

    1. big_D Silver badge
      Coat

      Re: Am I being thick ?

      Nude selfie... Aye, there's the rub.

      I see what you did there.

      1. Martin Summers Silver badge

        Re: Am I being thick ?

        "Nude selfie... Aye, there's the rub."

        "I see what you did there."

        Eww, so I take it you broke his first layer of encryption then.

    2. NonSSL-Login

      Re: Am I being thick ?

      Apps on phones such as WhatsApp run in their own memory space so it is not a simple task to add another encryption layer on top without rooting phones and such, which cuts out most users. A keyboard app could potentially convert what you type and copy to clipboard and convert replies, but it would be far from pretty and straightforward, which is what app users want.

      The NSA/GCHQ's are being crafty now and instead of asking for backdoors in encryption, they are asking technology companies to implement sly changes which means no backdoor is needed. Skype conversations used to be peer to peer and never touched servers so one assumes they got Microsoft to buy and change the product so all conversations went through their servers for the 5+ eyes benefit.

      One assumes WhatsApp went out of their way to help the government agencies by adding a chat backup option, an in-your-face popup to all users asking if it should be enabled and when they do, it disabled the encryption of their chats. The backups of their chats are also stored on their servers indefinitely for the 5+ eyes too.

      So expect more sly changes like these as technology companies shout publicly that they are fighting for your privacy while, still looking you in the eye, they add these privacy-defeating changes they hope you don't notice.

      1. Martin Summers Silver badge

        Re: Am I being thick ?

        "so it is not a simple task to add another encryption layer on top without rooting phones"

        Maybe not but bad people can go old school and come up with code of their own, like "the geese fly to the pink elephant tonight" and they'd not have a scooby what they were talking about without an informant. So maybe they should stick to proper spying and concentrate on paying bribes to informants.

        Do we actually still have Bond types out there or have they confined them to desk duties now?

        Also your point about WhatsApp backups, hadn't actually considered that!

      2. JohnFen Silver badge

        Re: Am I being thick ?

        "they are asking technology companies to implement sly changes which means no backdoor is needed."

        Those "sly changes" are a backdoor. A backdoor doesn't mean the crypto itself is broken, it means there is a way to access the clear data despite encryption. That way can be (and often is) interception of the clear data before legitimate encryption or after legitimate decryption.

      3. MachDiamond Silver badge

        Re: Am I being thick ?

        "One assumes Whatsapp went out of their way to help the government agencies by adding a chat backup option,"

        That's one of the problems. What are you to Whatsapp? A dust mite on a flea and they don't care about you as an individual at all. If the government puts a wee bit of pressure on them or even just asks, they'll throw you under the bus in two shakes (less time than it takes a nuke to trigger).

        It's amazing how much companies like FB get away with and part of it could be how well they play ball when governments come calling. Sure, Zuckerberg has been called out on the carpet a few times for bouts of complete stupidity, but I don't recall hearing about any substantial fines being levied (or paid) and Mark isn't even wearing a tracking ankle bracelet.

        The first to capitulate will be social media and cloud services. Big companies will be more likely to fight like dogs since backdoors could expose some of their better hidden skeletons.

        1. Mark 65

          Re: Am I being thick ?

          > they'll throw you under the bus in two shakes

          Future tense? I think Whatsapp threw everyone under the bus some time ago, likely after being bought by one of the 5-eyes outsourced spying agencies. There's no way that treasure trove of metadata isn't well and truly sitting in Utah.

  4. Bernard M. Orwell Silver badge
    Big Brother

    " really dangerous people would simply look elsewhere for their internet service"

    But it's never been about surveilling the "bad guys", has it? It's about surveilling everyone so that the PtB can selectively remove or silence any threat to their wealth or power.

    1. Dan 55 Silver badge

      As the article says:

      > it’s no secret that encryption has become a problem for police. It’s not necessarily that they can’t break it at all – every system has its design weaknesses and vulnerabilities - but they can’t do it presquickly [sic] enough to conduct surveillance on enough targets for that to make a difference.

      And you have to have a reasonable definition for 'enough'. They're complaining at the moment because it's not reasonable. If it were (e.g. restricted to criminal suspects), we wouldn't be having this discussion at all.

      Anyway, judging by the current governments in the US, the UK, and Australia, TPTB seem to be threatening their own wealth and power.

    2. EricM

      Re: It's about surveilling everyone? This does not matter

      Just questioning the motives of the backdoor supporters makes it much too easy for them to paint you as a paranoid lunatic or move the debate to a pseudo moral level of good vs. evil.

      But even IF every proponent of such a scheme might hold only the sincerest of intentions for advancing the public well-being by helping law enforcement against the commonly agreed-upon really bad guys - secret government backdoors to encryption do not work even in this best-case scenario.

      So intentions do not really matter here...

      Law of mathematics/physics cannot be overruled by law of justice.

      Just as you cannot pass laws to change gravity, you cannot pass laws to enforce decryption in the middle of an end-to-end encrypted data transfer.

      The only alternative is to force companies by law to roll out defective encryption that opens all communication, mail, bank accounts, etc. to criminals.

      Which government official wants to explain why that might be a good trade-off?

      1. Ken Hagan Gold badge

        Re: It's about surveilling everyone? This does not matter

        "The only alternative is to force companies by law to roll out defective encryption that opens all communication, mail, bank accounts, etc. to criminals. Which government official wants to explain why that might be a good trade-off?"

        And how long will it be before his or her bank account number is public knowledge?

        1. MachDiamond Silver badge

          Re: It's about surveilling everyone? This does not matter

          "And how long will it be before his or her bank account number is public knowledge?"

          For high government officials, the first time there is a problem, they will vote their own very separate banking system that has the best encryption possible. In the US, the government voted in a horribly flawed health insurance system disguised as health "care" with the congress critters getting their own very separate and much higher quality health service. Some pigs are more equal.

    3. Mark 85 Silver badge

      We should wonder or ask (not sure who to ask) is this also for government officials? In the US, would Congress types have their messages/chats watched? Would this allow controlling how a CongressCritter votes come budget or "powers" time? Once the system is broken for the bad guys and the little people, can the government itself be far behind?

      1. VikiAi Silver badge
        Trollface

        If encryption is criminal...

        If encryption is criminal, then only criminals will have encryption.

        Ergo: politicians will still have encryption.

  5. Anonymous Coward

    Don't assume they don't have supercomputers...

    I have it on good authority from a source I trust that someone like the NSA has bought up all of one particular model of supercomputer as they hit the disposals lists, and has created a monster encryption cracker with them.

    The ones that I was involved with were very carefully uninstalled by the dedicated third line maintenance team as working systems (albeit with the data scrubbed from the disks), in a manner where they could be redeployed quickly. I was told that they were going to be re-manufactured and have the processors and memory upgraded to be added to an existing large cluster run by an organization that could not be named. I was also told the next owner 'loved' this particular architecture because of what they could do with it.

    By contrast, the previous two generations of supercomputer I saw that were removed from this site were ripped down to their rack mountable components before they were removed.

    I don't think the resultant system would be able to do real-time decryption, but I'm sure there are other less time dependent decryption jobs that could be done with this type of machine.

    1. NonSSL-Login

      Re: Don't assume they don't have supercomputers...

      It wouldn't surprise me if they have access to be able to use every idle CPU on the Amazon cloud along with some tools that distribute the load of the job. No supercomputer needed when you can have a million computers working for 2 minutes on their section of the same job.

      1. BebopWeBop Silver badge
        Thumb Down

        Re: Don't assume they don't have supercomputers...

        Properly designed crypto - a million computers, 2 minutes - grow up and do the maths.

    2. BebopWeBop Silver badge

      Re: Don't assume they don't have supercomputers...

      > I have it on good authority from a source I trust that someone like the NSA has bought up all of one particular model of supercomputer as they hit the disposals lists, and has created a monster encryption cracker with them.

      There are good reasons why anonymous 'but I trust them' sources tend not to be welcome in the public domain - even if the latest Trump debacle was cheering and reinforced opinions on those who thought it was the case..... (being one myself - but I am still curious about the motive(s))

      1. Anonymous Coward

        Re: Don't assume they don't have supercomputers...

        My source was not anonymous - I could name them but won't, and he gave me strong hints rather than solid information, and I have pieced together the rest.

        I could have made incorrect assumptions, true, but what I was told definitely pointed in this direction, especially as many of the team that I talked to used to fall off the map for days at a time, with no other explanation other than they couldn't say where they had been, and that it was within (US) driving distance of their base location.

        I'm anonymous for this info, but I do post under my normal handle here as well.

        1. JohnFen Silver badge

          Re: Don't assume they don't have supercomputers...

          "My source was not anonymous - I could name them but won't,"

          Which means they're anonymous. Not to you, but to everyone you're telling this story to.

        2. Mark 85 Silver badge

          Re: Don't assume they don't have supercomputers...

          > I'm anonymous for this info, but I do post under my normal handle here as well.

          You believe that you're really anonymous? Is there some document somewhere that explains how your post can't be tracked? I'm just curious as there's always ways to find "anonymous" in any system.

          1. VikiAi Silver badge
            Boffin

            Re: Don't assume they don't have supercomputers...

            Well, The Register can view who is under the 'Anonymous' label on their own system (otherwise your anon entries couldn't show up on your 'My Posts' page).

            And miscreants would reign unchecked on the message boards.

    3. Michael Wojcik Silver badge

      Re: Don't assume they don't have supercomputers...

      I think you've misunderstood the claim in the headline (or the headline is wrong). No one who knows anything about the NSA - e.g. from reading The Puzzle Palace or any of the other well-known treatments of the organization - thinks they don't have supercomputers. The NSA has extensive computing resources of various classes; that's amply documented and uncontroversial.

      The point the headline is making is that there's no (credible) evidence that the NSA or other organizations have magical computing capabilities which let them break properly-implemented modern cryptography. It's very likely that they have had certain cryptanalytic capabilities before they were publicly known - differential cryptanalysis, for example, and the ability to break DH when it uses weak, well-known parameters. But not TV-style "it's encrypted - it'll take me a few hours to break it" capabilities.

      That's why they're pushing backdoors. Nation-state SIGINT operations will work on all fronts available to them - that's their mandate. So they have cryptanalysts and mathematicians looking for new weaknesses in algorithms and protocols; they have massive computing resources; they develop and use attacks on software vulnerabilities to plant keyloggers and RATs; and so on. They'll also push for backdoors, both voluntarily from manufacturers and by legislation.

  6. fedoraman
    WTF?

    What does that word mean?

    > It’s not necessarily that they can’t break it at all – every system has its design weaknesses and vulnerabilities - but they can’t do it presquickly enough to conduct surveillance on enough targets for that to make a difference.

    Mmm?

    1. phuzz Silver badge

      Re: What does that word mean?

      It's a perfectly cromulent word.

  7. An nonymous Cowerd

    voluntarily?

    “The governments of the Five Eyes encourage information and communications technology service providers to voluntarily establish lawful access solutions to their products and services that they create or operate in our countries,”

    The "voluntarily" word struck me, as it did in about 2009 when US Qwest Comms International CEO Joseph Nacchio did NOT volunteer his customers' data to the N.S.A. and was then imprisoned on ‘unrelated’ tax fraud charges - also US Sprint telco fought as well as they could in the secret courts, trying but failing NOT to ‘volunteer’ for the data theft.

    lots of redacted stuff here http://www.dni.gov/files/documents/0708/BR%2009-19%20Primary%20Order.pdf (pdf 1.6MB)

    1. JohnFen Silver badge

      Re: voluntarily?

      Indeed. This "voluntarily" business is a common lie that governments tend to employ. If I point a gun at your head and tell you you can choose to either volunteer to give me your wallet or I'll shoot you and take it, when you give me your wallet there was nothing "voluntary" about it.

  8. Duncan Macdonald Silver badge
    Black Helicopters

    Clipper ? - Intel ME

    The Intel Management Engine looks to be the modern replacement for the Clipper chip.

    Full snooping on the whole memory - internal network capability - able to override the OS - hidden source code (probably only shared with the NSA).

    Almost all online Intel based computers with the Intel ME can almost certainly be controlled by the NSA if they wish. Secure encryption and decryption MUST be done on an offline computer with no network connection.

    1. Chronos Silver badge

      Re: Clipper ? - Intel ME

      Agreed, with the little addendum that AMD also has a Judas-puter in the form of PSP. Right now, nothing in the current x86 line-up is trustworthy. Not a problem, you may think, just run older kit? Well, many of the services you connect to are also running Xeon/EPYC. It really doesn't matter which end of the pipe gives up the unencrypted data as long as one of them does.

    2. phuzz Silver badge

      Re: Clipper ? - Intel ME

      IME was supposed to be a desktop version of the ilo you already get on servers. It was originally intended to only be installed in the sort of machines that Dell and HP sell to big organisations (if you're responsible for thousands of desktops it's very useful).

      The question is, why did they start putting it in all their consumer kit as well?

      1. Chronos Silver badge

        Re: Clipper ? - Intel ME

        I used to love Compaq's ILO boards. Thing with ILO was you could remove them and, even if you didn't, they were under your direct control. There is only one logical reason why this technology has been adopted by both USian processor manufacturers and that reason certainly does not have your best interests at heart.

        What I object to with all of this is that it fundamentally undermines the assumption of innocence and the concept of mens rea. We already have RIPA over here doing much the same thing. The situation in the UK is so bad that it is now possible to lock anyone up at whim. Just take their smart phone, encrypt it with a random key, fabricate a reason to require decryption and lock 'em up when they can't.

      2. eldakka Silver badge

        Re: Clipper ? - Intel ME

        > The question is, why did they start putting it in all their consumer kit as well?

        One word (well, technically, acronym not word): DRM.

        The UHD Bluray standard (including UHD i.e. 4k stuff streamed in browsers or apps, e.g. Netflix) mandates a secure encryption path through the system. A path a user (i.e. owner of the computer) cannot access, so that they can't bypass HDCP 2.x encryption on video. This is implemented via Intel's IME or AMD's PSP.

        Without such secure (supposedly), controlling enclaves to prevent the computer's actual owner from accessing the content, then the computer can't access (or be the streaming conduit for) commercial UHD content.

        1. JohnFen Silver badge

          Re: Clipper ? - Intel ME

          "This is implemented via Intel's IME"

          No, it's not. Are you perhaps confusing the IME with TPM?

  9. J.G.Harston Silver badge

    Orac was meant to be fiction, not a blueprint.

  10. alain williams Silver badge

    How long before the Gov't backdoor ...

    is for sale on the dark web ? Probably at a hefty price, but available ?

    Russia's GRU, and other state spooks, will probably have it before then.

    1. Anonymous Coward

      Re: How long before the Gov't backdoor ...

      Zuckerberg & Facebook already see the business potential:

      www.theregister.co.uk/2018/08/24/irish_data_protection_commish_opens_inquiry_on_facebook_data_transparency/

      medium.com/insurge-intelligence/how-facebook-will-infiltrate-national-elections-and-rule-the-world-in-less-than-10-years-unless-732da197b8fd

  11. fm+theregister

    NSA does have lots of super computer rooms

    Hopefully they will be put to good use, with better tools, to achieve the very same objective - stop criminals and terrorists.

    The tools and the operators sure need warrant and reward, after all it is a gray area - and the organizations using the tools may decide to use them for other purposes other than pursue crims+terrorists - in which case, if you helped with such tools, you cannot be deemed responsible for the bad use of them.

    And travelling abroad, only with diplomatic passports.

  12. Graham Cobb

    Questioning the premise

    We need El Reg to be more active in questioning the premise behind these sorts of requests. Before talking about either the impact or the implementation details (as in this article) we need to be much more critical of the claims being used to justify this.

    The claim is that law enforcement is "going dark" and losing access to evidence it needs.

    On the contrary, it is a golden age for law enforcement. Instead of planning with trusted comrades, in a private room, criminals now use text and even talk on mobile phones in public places. Some even use email and web chatrooms (particularly those planning digital crimes). Much more planning information is available to law enforcement.

    And, as for evidence of the crimes themselves, instead of just stealing something or assaulting someone criminals now often record their actions with photos or even videos. For their own amusement or to prove to someone else that they did as they were commanded. That evidence is often available and would never even have existed in the past.

    Law enforcement have never had it so good. There is so much evidence available to them.

    As we all know, policing is a difficult job. Unfortunately for them, we need it to remain so in order to protect our civil liberties (such as trade unions, effective protest and campaigns for major societal changes). The simplifications that the digital world has introduced to their job need to be rolled back.

    Encryption is part of that: not only is there no justification for demands for law enforcement access, we actually need improved, easy-to-use, routine encryption to protect all of us and our civil liberties.

    1. Mark 85 Silver badge

      Re: Questioning the premise

      How many times have we heard law enforcement AFTER THE FACT say things to the effect: "They were on our watch list but this got past us."? Quite often from reading the news. If they want more data then they need to be more vigilant. So far, I don't think we're seeing it.

  13. EnviableOne Bronze badge

    Five Eyes Only

    Yeah, just the 5 biggest nations divided by the common language of English, that are already spying on each other's citizens for each other.

    RIPA in the UK

    FISA in the US (section 702 anyone)

    AUS are on the way

    looks like CAN and NZ are playing catchup

    Hmm, perhaps I should brush up on my foreign language skills or build me a SEALAND

  14. Gary Bickford

    ... Profit!

    Every government busybody's ideal solution:

    - make everything illegal

    - make every method to prevent being caught or even talking about it illegal

    ...

    - profit! - or more tax income! - or more control!

  15. DougS Silver badge

    If both Apple and Google refuse to cooperate

    What recourse do governments of the world have? Ban both and leave consumers unable to buy any phones? I'm sure eventually AOSP based Android flavors that included the backdoors would become available, but I think there would be a consumer revolt against the powers that be long before that.

    1. Duncan Macdonald Silver badge
      Black Helicopters

      Re: If both Apple and Google refuse to cooperate

      A few unfortunate accidents or illnesses to the objecting directors or their families - the policy would soon change.

  16. a_mu

    No crypto is safe long term

    No encryption is safe long term.

    Once upon a time, we had the Geheimschreiber, an uncrackable code.

    Cracked with a lot of effort back then, takes a few seconds now.

    With a back door, it will be cracked, maybe not for a decade or so,

    but it will be cracked,

    and then everything that has been transmitted in the past is open to be read.

    Industrial secrets, ha, a thing of the past.

  17. Michael Wojcik Silver badge

    Clipper history

    The article is a decent summary of the state of SIGINT and the reasoning behind the pressure for "voluntary" backdoors, but this bit isn't really accurate:

    > Clipper – an encryption chipset with a US-government-accessible backdoor backed by the US National Security Agency (NSA) – foundered on the stubborn resistance of one man in his spare room, Phil Zimmermann, and a modest home-brew application, PGP

    Clipper "foundered" at least as much for two other reasons, one technical and one political. Politically, it was simply unpopular; the proponents did a poor job of marketing it, and sentiment was against it from the start, in both government and business.

    On the technical side, while Zimmermann showed that competing, non-backdoored encryption could easily be made available, a more devastating blow came from Matt Blaze's crack of the LEAF checksum. That doomed Clipper's key escrow system, which removed the whole justification for the thing. If you want to lay the death of Clipper at the feet of any single person, I think Blaze is the one.

    More broadly, you can lump Zimmermann and Blaze in with the surge of interest in computer-assisted crypto that developed in the '70s, '80s, and '90s, after Diffie-Hellman(-Merkle) and RSA were published (1976 and 1978, respectively) and DES was standardized (1977). By the time the Cypherpunks mailing list was established in 1992, the genie was clearly out of the bottle. The publication of ARCFOUR[1] in '94 meant that anyone could have a decent stream cipher - RC4 is so simple you could memorize the algorithm (or print it on a t-shirt, etc).[2]

    When Clipper came out in 1993, it was effectively dead on arrival.

    [1] Alleged RC4, the public reverse-engineered implementation of RC4, which was a trade secret. Everyone was pretty sure ARCFOUR was identical to real RC4, and it certainly did an equivalent job.

    [2] RC4 is considered unsafe now, and there are public attacks against correlations in the key stream that mean it can be broken with ordinary resources unless countermeasures are employed. It's not publicly known how much of that NSA knew in '94, or what resources they could devote to breaking RC4. It's likely that widespread use of RC4 would have significantly restricted their ability to do mass real-time or near-time data inspection for several years, though.
