ccplumb@watnot.UUCP (12/02/86)
The following is excerpted from the January, 1987 issue of _Radio-Electronics_, and as an example of the U.S. government's bass-ackward approach to secrecy, I feel this is almost unparalleled.

--- Excerpt begins ---

. . . And it finally happened: _Videocipher_has_been_busted_.

DES and M/A-Com

_Videocipher_II_ is protected by numerous U.S. laws. It uses the DES encryption system that, until April 22, 1987, may be protected from unauthorized busting by the National Security Agency. NSA is responsible for the security and integrity of the DES code, and uses it to transmit less-than-top-secret messages to military and embassy locations world-wide. In the M/A-Com view, anyone who tampers with DES or attempts to profit from decoding it is guilty of treason against the U.S. government. Obviously, charges of treason are not to be taken lightly.

Nonetheless, perhaps as many as several dozen persons or groups have, independent of one another, cracked _Videocipher_II_ and we have seen systems in operation. Their problem now concerns what they should do with their knowledge. Anyone who attempted to sell "Blackcipher" boxes _inside_ the U.S. would immediately be charged with several federal offenses, possibly including treason.

M/A-Com warns _Videocipher_II_ distributors that the act of shipping a VC2000 satellite descrambler outside the U.S. may be construed as an act of treason, because U.S. laws state that exporting a DES decoder is illegal and that it is "an act against the state." In spite of that, however, between 25% and 30% of all _Videocipher_II_ units sold by M/A-Com to date have been exported, primarily to Mexico, the Caribbean, and Central America.

A study of the law suggests that, although it may be illegal to export the _Videocipher_II_ units, and that it is illegal to build and sell DES-decoding "Blackcipher" boxes inside the U.S., it is not illegal to design, manufacture, distribute, and use "Blackcipher" boxes outside the U.S., provided they never enter this [Ed: he means the U.S.] country and that they are sold and used in countries which have no security or patent treaties with the U.S.

What's happening now is that, quietly, in small backwater locations where U.S. zip codes do not apply, people are using their specialized knowledge to build and sell devices that defeat _Videocipher_II_ scrambling technology. The device costs between $800 and $1,200 (U.S.), which, on the surface may seem high, but which could actually turn out to be a bargain. The reason is that even a handful of scrambled programming sources could cost $50 per month in the U.S. A box that decodes all _Videocipher_II_-scrambled signals provides more than $100 in monthly programming services. At $1,000 for the box, in six months the box will pay for itself. [Ed: The M/A-Com box costs ~$400 U.S.]

Inevitably, some of those "Blackcipher" units will find their way back into the U.S. where there are more than 1.5 million buyers of the offshore system. Undoubtedly, there are firms and persons who will seek to import those devices into the U.S. on a clandestine basis, or who will attempt to build and market similar units from inside the U.S. Doing so could be risky, however. Offenders could be fined upwards of $250,000 or sentenced to jail for 10 years - without considering possible charges of treason! So be warned that, although it may indeed be legal for someone in Aruba or St. Kitts to build, sell, and use such a decoder, it is clearly illegal to do so here [Ed: there] in the United States.

The reason scrambling came into being is greed: greed on the part of the producers of _Videocipher_II_, and greed on the part of the cable programmers. Because both the descrambler and the monthly programming charges were priced too high, entrepreneurs who possess the ability to decode _Videocipher_II_ have been attracted to the marketplace. Such a situation cannot endure in its present form, of course. There is a lesson here that, hopefully, future generations of scrambler builders will consider carefully _before_ bringing their creations to market.

--- Article ends ---

I don't think further comment is necessary. Oy, vey!

-Colin Plumb (ccplumb@watnot.UUCP)
Zippy says: Maybe we could paint GOLDIE HAWN a rich PRUSSIAN BLUE--
leichter@yale.UUCP (Jerry Leichter) (12/02/86)
The referenced article - which I'm certain will draw a large number of replies from people happy to see their worst suspicions confirmed - is a load of nonsense.

The NSA does not protect DES. It never has. It certified DES as a cryptographic standard, and that certification is what is about to run out.

The NSA does not use DES to encrypt ANYTHING. In fact, it is explicitly ILLEGAL to transmit government-classified information using only DES for encryption. DES has NEVER been acceptable for such use.

"Unauthorized breaking of DES", whatever that might mean, is not treason. In fact, I rather doubt it, in and of itself, is a violation of any law whatsoever. (The work involved MIGHT be considered classified - cryptography and certain aspects of nuclear physics having to do with bombs are in the special position that information about them can be considered classified even if developed independently - but even that's unlikely - the US government does not use DES for sensitive information.) There is plenty of open literature on methods for attacking DES (most of which seem to indicate that it is, in fact, a pretty strong cipher - while the practicality of brute-force attacks is known, and there are some little hints here and there of POSSIBLE weaknesses, all attempts at analytical attacks published so far indicate that a lot of correct decisions went into the design of DES; variations have fallen to analytical attack, but not DES itself.)

I find it extremely doubtful that if, indeed, the VideoCipher system has been broken, that it's been broken by breaking DES. A lot of very good people have failed to break DES; I doubt a bunch of hardware hackers could do better. That does NOT mean that M/A-COM's USE of DES is correct; it may be that the particular way they use DES was not well thought out, and has been broken.

M/A-COM's warning about it being "possibly treasonous" to ship their boxes out of the US is nonsense - scare tactics. It MIGHT be illegal under various Commerce Department regulations previously discussed in this group. (Since it is a decoder only, rather than a full ciphering/deciphering system only, even that isn't clear.)

It would NOT be illegal, under those regulations, to ship decoder boxes INTO the US. Nor would it be illegal to sell them WITHIN the US. These regulations apply only to shipping FROM the US TO foreign countries.

The illegalities involved in producing and selling such boxes have nothing to do with cryptography; they involve the same laws that make it illegal to sell cable descramblers for simple "invert the sync pulse" encoding schemes. That is, what's ultimately involved is some sort of "theft of service", and the producer/seller is prosecuted for being involved in some sort of conspiracy to steal services.

-- Jerry
outer@utcsri.UUCP (Richard Outerbridge) (12/03/86)
> And it finally happened: _Videocipher_has_been_busted_.
>
> DES and M/A-Com
>
> _Videocipher_II_ is protected by numerous U.S. laws. It uses the
> DES encryption system that, until April 22, 1987, may be protected
> from unauthorized busting by the National Security Agency. NSA is
> responsible for the security and integrity of the DES code, and uses
> it to transmit less-than-top-secret messages to military and embassy
> locations world-wide.

So: does this mean they've busted DES or just the dynamic key management used by the Videocipher II? Can anyone explain without being treasonable? [Breaking DES for under $1400.00 - even U.S. funds - sounds a neat trick!]

--
Richard Outerbridge <outer@utcsri.UUCP> (416) 961-4757
Payload Deliveries: N 43 39'36", W 79 23'42", Elev. 106.47m.
ksh@scampi.UUCP (Kent S. Harris) (12/03/86)
In article <12246@watnot.UUCP>, ccplumb@watnot.UUCP (Colin Plumb) writes:
> The following is excerpted from the January, 1987 issue of
> _Radio-Electronics_,
> ......
> And it finally happened: _Videocipher_has_been_busted_.

This is wrong. Videocipher (DES) has not been "busted" by anyone, particularly garage hobbyists.
ccplumb@watnot.UUCP (Colin Plumb) (12/04/86)
In article <3720@utcsri.UUCP> outer@utcsri.UUCP (Richard Outerbridge) writes:
>> And it finally happened: _Videocipher_has_been_busted_.
>
>So: does this mean they've busted DES or just the dynamic key management
>used by the Videocipher II? Can anyone explain without being treasonable?
>[Breaking DES for under $1400.00 - even U.S. funds - sounds a neat trick!]

I'd say just M/A-Com's descrambler enabling system has been broken - breaking DES in real time, for *any* amount of money, would be a neat trick!

I apologize for the fact the column wasn't well written, but it seemed to be relevant to the discussion here. I should have added a disclaimer to the effect that the views expressed in the quotation are those of the original author, not me!

-Colin Plumb (ccplumb@watnot.UUCP)
Zippy says: I'm not an Iranian!! I voted for Dianne Feinstein!!

P.S. I, too, would like to hear about how the cracking works... does anyone out there know?

P.P.S. Probably the scheme involves some modifications to an existing Videocipher box - in which case instructions for making the modification shouldn't be any more illegal than posting diffs for copyrighted source - probably less, since the box doesn't come with any sort of licensing agreement!
henry@utzoo.UUCP (Henry Spencer) (12/04/86)
The cries of "treason" are -- quite apart from DES's status -- almost certainly nonsense. As I understand it, US law defines treason quite narrowly, to the point where it is quite difficult to prove in court even when the actions are of a much nastier kind. The intent was precisely to prevent this kind of abuse of the charge.

--
Henry Spencer @ U of Toronto Zoology
{allegra,ihnp4,decvax,pyramid}!utzoo!henry
karn@faline.UUCP (Phil R. Karn) (12/04/86)
There have been several premature reports of the demise of Videocipher-II. One showed up on the Independent Network News a few months ago. In it a satellite dish dealer first showed a reporter how adding a capacitor to a Videocipher box would recover the video on an unsubscribed channel (this was legit, but no surprise since everyone knows that the video is easy to recover). Then he claimed that through the use of an ordinary FM broadcast receiver, he could get the sound. Well, it was pretty obvious to me that he was just getting it from his local CATV company, since many carry the sound for subscription channels on the FM broadcast band (this is how you get stereo). Several days later, HBO made the same accusation, but the dish dealer denied that he got the audio off a CATV system. He also refused to repeat the demonstration. He claimed that he'd tell M/A-Com the details of his scheme only if they'd agree to recall every Videocipher box -- an offer M/A-Com is unlikely to accept. You decide.

As far as I know, Videocipher represents the first time DES has been used in a situation where the legitimate receiver is either apathetic or actively hostile to keeping the keys secret. Videocipher uses a primary/secondary key scheme. The primary keys are used to decrypt an encrypted secondary key which is sent over the satellite. This secondary key can be fixed, or it can change periodically; each time it changes, the box must decrypt it with the primary key and start using it to decrypt the audio. Clearly, the primary keys are the "key" to cracking the system.

Obviously, any subscriber can get as much matching plaintext/cleartext as he or she wants, but this isn't of much use since DES has already shown itself to be highly resistant to known plaintext attacks (i.e., you'll probably have to try all possible 2^56 keys in a DES chip of your own until you hit the one that works).

The security of the system therefore depends entirely on the physical security of the primary DES keys, which of course have to be in the box you sell to the customer. They are kept in the unit in a register on a custom CMOS chip with battery backup. Naturally, the chip is designed to make reading the keys impossible.

Given that DES has withstood all (published) cryptanalytical attacks, and that you can get physical possession of the primary keys by simply buying a box, the most fruitful avenue of attack on Videocipher is likely to be physical. Special solvents exist for dissolving epoxy off ICs without damaging the chips, and special scanning electron microscopes exist for reading voltage levels within operating ICs. All it takes is one motivated person with access to the necessary resources to read the key registers, post the results to netnews, and the game will be over. Until then, I'm taking all reports of Videocipher audio cracking with a large bag of salt.

Phil
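The primary/secondary key scheme described in the post above, as an added example that is not part of the original thread and not M/A-Com's design: it shows why rekeying locks out a deauthorized box while any device holding an authorized box's primary key keeps decrypting. An HMAC-SHA256 keystream stands in for DES, and the per-box primary keys, unit IDs and class names are assumptions.

```python
import hashlib, hmac, os

def _sub(key, label):                      # separate encryption and MAC subkeys
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in for DES (not in the standard library): HMAC-SHA256 counter keystream.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(d ^ p for d, p in zip(data[off:off + 32], pad))
    return bytes(out)

def wrap(key, payload):
    # Encrypt, then append a short MAC so that a wrong key is detected on unwrap.
    nonce = os.urandom(8)
    ct = _xor_stream(_sub(key, b"enc"), nonce, payload)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:8]

def unwrap(key, blob):
    nonce, ct, tag = blob[:8], blob[8:-8], blob[-8:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:8]
    return _xor_stream(_sub(key, b"enc"), nonce, ct) if hmac.compare_digest(tag, good) else None

class Uplink:                              # broadcaster side; holds every primary key
    def __init__(self, primaries):         # {unit_id: primary key}, an assumed layout
        self.primaries = dict(primaries)
        self.rekey()
    def rekey(self):
        self.secondary = os.urandom(8)
        # The secondary key is sent once per authorized unit, under that unit's primary key.
        self.key_msgs = {u: wrap(k, self.secondary) for u, k in self.primaries.items()}
    def deauthorize(self, unit_id):
        del self.primaries[unit_id]
        self.rekey()

class Box:                                 # receiver side; holds one primary key
    def __init__(self, unit_id, primary):
        self.unit_id, self.primary, self.secondary = unit_id, primary, None
    def receive(self, key_msgs, audio_blob):
        blob = key_msgs.get(self.unit_id)
        fresh = unwrap(self.primary, blob) if blob else None
        self.secondary = fresh or self.secondary    # keep the old key if none arrived
        return unwrap(self.secondary, audio_blob) if self.secondary else None

def demo():
    keys = {"unit-A": os.urandom(8), "unit-B": os.urandom(8)}   # constructed sample keys
    up = Uplink(keys)
    # Boxes: A, B, a second device holding A's primary key, a device with a wrong key.
    boxes = [Box("unit-A", keys["unit-A"]), Box("unit-B", keys["unit-B"]),
             Box("unit-A", keys["unit-A"]), Box("unit-A", os.urandom(8))]
    before = [b.receive(up.key_msgs, wrap(up.secondary, b"frame 1")) for b in boxes]
    up.deauthorize("unit-B")
    after = [b.receive(up.key_msgs, wrap(up.secondary, b"frame 2")) for b in boxes]
    return before, after
```

`demo()` returns the decrypted audio (or `None`) for each of the four boxes before and after unit-B is deauthorized.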
gnu@hoptoad.uucp (John Gilmore) (12/04/86)
In article <7370@utzoo.UUCP>, henry@utzoo.UUCP (Henry Spencer) writes:
> The cries of "treason" are -- quite apart from DES's status -- almost
> certainly nonsense. As I understand it, US law defines treason quite
> narrowly...

Henry's absolutely right. Treason is defined in the US Constitution!

"Treason against the United States shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort. No person shall be convicted of treason unless on the testimony of two witnesses to the same overt act, or on confession in open court. The Congress shall have power to declare the punishment of treason, but no attainder of treason shall work corruption of blood, or forfeiture, except during the life of the person attainted."

--
John Gilmore {sun,ptsfa,lll-crg,ihnp4}!hoptoad!gnu jgilmore@lll-crg.arpa
Call +1 800 854 7179 or +1 714 540 9870 and order X3.159-198x (ANSI C) for $65. Then spend two weeks reading it and weeping. THEN send in formal comments!
ks@nears.SWB.COM (Kurt F. Sauer) (12/04/86)
It is not illegal to export cable decoders using the technology incorporated in the M/A-COM VideoCypher I or II outside the United States; there is a specific exemption in the export controls for this type of equipment.

Kurt F. Sauer
Oklahoma City, OK

-------------------------Start of Attachment
In article <4725@yale-celray.yale.UUCP> leichter@yale-celray.UUCP (Jerry Leichter) writes:
> ... It MIGHT be illegal under various
>Commerce Department regulations previously discussed in this group. (Since it
>is a decoder only, rather than a full ciphering/deciphering system only, even
>that isn't clear.)
>
>It would NOT be illegal, under those regulations, to ship decoder boxes INTO
>the US. Nor would it be illegal to sell them WITHIN the US. These regulations
>apply only to shipping FROM the US TO foreign countries.
>...
> -- Jerry
>
-------------------------End of Attachment
matt@oddjob.UChicago.EDU (Matt Crawford) (12/05/86)
M/A-COM and the magazine quoted are full of shit. The US constitution defines treason as giving "aid and comfort to the enemy in time of war". The United States has not declared war in over forty years. Until such time as war is declared (on someone besides "drug abuse" :-), it is IMPOSSIBLE to commit treason.

OK, so this isn't cryptographic. Idiocy should be combatted wherever it appears.

_____________________________________________________
Matt           University        crawford@anl-mcs.arpa
Crawford       of Chicago        ihnp4!oddjob!matt
vnend@ukecc.UUCP (D. W. James) (12/05/86)
In article <12246@watnot.UUCP> ccplumb@watnot.UUCP (Colin Plumb) writes:
>The following is excerpted from the January, 1987 issue of
>_Radio-Electronics_, and as an example of the U.S. government's
>bass-ackward approach to secrecy, I feel this is almost unparalleled.
>
>--- Excerpt begins ---
>
> _Videocipher_II_ is protected by numerous U.S. laws. It uses the
>DES encryption system that, until April 22, 1987, may be protected
>from unauthorized busting by the National Security Agency. NSA is
>responsible for the security and integrity of the DES code, and uses
>it to transmit less-than-top-secret messages to military and embassy
>locations world-wide. In the M/A-Com view, anyone who tampers with
>DES or attempts to profit from decoding it is guilty of treason
>against the U.S. government. Obviously, charges of treason are not to
>be taken lightly.

Just a question (point?). I thought that charges of treason were only valid during wartime and that during peacetime some other charge (whose name escapes me) applies. Anybody out there clear on this point?

--
*******************************************************************************
Later y'all, Vnend Ignorance is the Mother of Adventure.
**UUCP:cbosgd!ukma!ukecc!vnend; CSNET:vnend@ecc.engr.uky.csnet**
************BITNET:cn0001dj@ukcc.BITNET (but only as a last resort)************
bds@mtgzz.UUCP (12/08/86)
In article <271@faline.UUCP>, karn@faline.UUCP (Phil R. Karn) writes:
> All it takes is one motivated person with access to the necessary resources
> to read the key registers, post the results to netnews, and the game will
> be over. Until then, I'm taking all reports of Videocipher audio
> cracking with a large bag of salt.

The simplest motivation is money. Offer the right amount to the right person and the game IS over!