Newsgroups: sci.crypt
Path: cantaloupe.srv.cs.cmu.edu!crabapple.srv.cs.cmu.edu!bb3.andrew.cmu.edu!news.sei.cmu.edu!cis.ohio-state.edu!zaphod.mps.ohio-state.edu!uwm.edu!caen!uunet!news.centerline.com!noc.near.net!chpc.chpc.org!rboudrie
From: rboudrie@chpc.org (Rob Boudrie)
Subject: Re: The Old Key Registration Idea...
Message-ID: <1993Apr17.025243.3639@chpc.org>
Organization: Center For High Perf. Computing of WPI; Marlboro Ma
References: <1qn1ic$hp6@access.digex.net>
Date: Sat, 17 Apr 1993 02:52:43 GMT
Lines: 35

In article <1qn1ic$hp6@access.digex.net> pcw@access.digex.com (Peter Wayner) writes:
>Okay, let's suppose that the NSA/NIST/Mykotronix Registered
>Key system becomes standard and I'm able to buy such a system
>from my local radio shack. Every phone comes with a built in
>chip and the government has the key to every phone call. 
>I go and buy a phone and dutifully register the key. 
>
>What's to prevent me from swapping phones with a friend or 
>buying a used phone at a garage sale? Whooa. The secret registered
>keys just became unsynchronized. When the government comes 

It's very possible, even likely, that the serial number of the
invididual chip is broadcast either in a standard encrypted 
format, so that all the big brother types need to do is listen to
the traffic, get  a court order (generally just by saying that they
think you may be a crook) and go to it.
r
>to listen in, they only receive gobbledly-gook because the 
>secret key registered under my name isn't the right one. 
>
>That leads me to conjecture that:
>
>1) The system isn't that secure. There are just two master keys
>that work for all the phones in the country. The part about
>registering your keys is just bogus. 
>
>or 
>
>2) The system is vulnerable to simple phone swapping attacks
>like this. Criminals will quickly figure this out and go to
>town.
>
>In either case, I think we need to look at this a bit deeper."'jbl)mW:wxlD2


