Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Clipper chip
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Technical vulnerabilities == In 1994, [[Matt Blaze]] published the paper ''Protocol Failure in the Escrowed Encryption Standard''.<ref name=Blaze>{{cite journal |url=http://www.mattblaze.org/papers/eesproto.pdf |title=Protocol Failure in the Escrowed Encryption Standard |first=Matt |last=Blaze |author-link=Matt Blaze |date=August 20, 1994 |journal=Proceedings of the 2nd ACM Conference on Computer and Communications Security |pages=59β67 |access-date=October 2, 2018 |archive-date=March 6, 2020 |archive-url=https://web.archive.org/web/20200306203726/https://www.mattblaze.org/papers/eesproto.pdf |url-status=live }}</ref> It pointed out that the Clipper's escrow system had a serious vulnerability: the chip transmitted a 128-bit "Law Enforcement Access Field" (LEAF) that contained the information necessary to recover the encryption key. To prevent the software that transmitted the message from tampering with the LEAF, a 16-bit [[cryptographic hash|hash]] was included. The Clipper chip would not decode messages with an invalid hash; however, the 16-bit hash was too short to provide meaningful security. A [[brute-force attack]] would quickly produce another LEAF value that would give the same hash but not yield the correct keys after the escrow attempt. This would allow the Clipper chip to be used as an encryption device, while disabling the key escrow capability.<ref name=Blaze/>{{rp|63}} In 1995 Yair Frankel and [[Moti Yung]] published another attack which is inherent to the design and which shows that the key escrow device tracking and authenticating capability (namely, the LEAF) of one device, can be attached to messages coming from another device and will nevertheless be received, thus bypassing the escrow in real time.<ref>[https://books.google.com/books?id=Q-6qCAAAQBAJ&pg=PA222 Y. Frankel and M. Yung. Escrow Encryption Systems Visited: Attacks, Analysis and Designs. Crypto 95 Proceedings, August 1995]</ref> In 1997, a group of leading cryptographers published a paper, "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption", analyzing the architectural vulnerabilities of implementing key escrow systems in general, including but not limited to the Clipper chip Skipjack protocol.<ref>{{Cite web |url=http://academiccommons.columbia.edu/catalog/ac%3A127127 |title=The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption |access-date=2015-02-19 |archive-date=2018-08-09 |archive-url=https://web.archive.org/web/20180809061031/https://academiccommons.columbia.edu/catalog/ac:127127 |url-status=live }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)