Applied Cryptography: question on skid3

[MindFuq]

I have a question on what seems to be a defect in the Applied
Cryptography book, and I couldn't get an answer out of Schneier or the
cypherpunks mailing list.  Could any of you please clarify my issue?

My question is regarding Schneier's write up of SKID3 on page 56.  He
states that the protocol is not secure against man-in-the-middle
attacks because no secrets are involved.  I'm finding this hard to
accept, because SKID3 uses a MAC, which requires a shared secret key
between the two parties.  I played out the scenario, and cannot see
how a man in the middle could attack w/out knowing the secret key used
in the MAC.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Wiretap Act Does Not Cover Message 'in Storage' For Short Period

[MindFuq]

* Tim Dierks [EMAIL PROTECTED] [2003-03-02 12:27]:
 
 This would seem to imply to me that the wiretap act does not apply to any 
 normal telephone conversation which is carried at any point in its transit 
 by an electronic switch, including all cell phone calls and nearly all 
 wireline calls, since any such switch places the data of the ongoing call 
 in storage for a tiny fraction of a second.

I believe the reason behind the 'in storage' rule is that someone
could protect non-transmitted information under the Wiretap Act by
transmitting it needlessly.  Then they could say that because the
information was transmitted, law enforcement now needs the more
difficult to obtain wiretap permit just to search the premesis.

Example: I heard of a case a while back where an office had fax
printouts lying around.  Because these fax printouts were not in
transmission at the point of interception, there was no need for a
wiretap permit.  And I think that's reasonable.

I'm not sure that your example is correct, because in the cases you
mention the wiretap is not actually accessing stored information; it's
accessing a transmission (which may be stored elsewhere).  However, if
the eavesdropper were able to access the data at the point of storage
that you describe, then they probably could weasel out of the Wiretap
Act.  I would not think it's easy to read registers off a
microprocessor externally.

What annoys me is how the FBI got away with abusing this rule in the
Scarfo case.  They planted a keyboard logger on Scarfo's keyboard.
Then they planted a bug on his serial port.  The two bugs compared the
keystroke to the data leaving the serial port, and if the keystroke
didn't leave the serial port instantaneously, they captured it, and
they were able to successfully argue that they didn't intercept a
transmission.  Obviously email is composed before being sent, so the
slimey bastards use this to conduct a disclosure attack on information
that would otherwise be protected by the wiretap laws.

One might argue that they intercepted a transmission between the
keyboard and the computer.  Here's how they weasel out of that: Title
3 requires a wiretap warrent to intercept *electronic* transmissions.
I believe the FBI uses a keyboard logger that detects the *mechanical*
pushing of keys, probably specifically to circumvent the wiretap law.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]