NSA on 10-16-2012 W£iJUVlDW£iJ11 l5 B JlBVU llDWV lB 50WlB 5 B iJlDl5llJlB W 5 iJID 5 f WUlG1 j'I1WUllD AUG - SEP 1986 SOMETHING NEW U • • RUM RQ'NHERS 1930 U • • • • •• • • • • • • • • • • •• • • • • • ••••• LETTERS U • • • • • • • • • • U • • • • • • • 'flUS BOCHMBNT CONTbIN OQgWOln Afl TKIUl Lb • • • L ENTER YOUR PASSPHRASE PLEASE U • • • • ' • EXTENDED HOURS AT LEARNING CENTER 11 U • COLLEcTION MANAGEMENT U ' • • • • BULLETIN BOARD U • • • • • • • • SENIOR PROFESSIONAL CAREER PROGRAM U • • • • • • • • • BACK-UP SHELLS FOR THE ASTW U • • • • CONFERENCE REPORT U • • • • • • • BOOK REVIEWS OUT OF THE INNER CIRCLE U • • • • SECRECY AUTHENTICATION AND PUBLIC KEY SYSTEMS U • THE COMPUTATION OF STYLE' U • • • • • ••• • • ITALIAN FOR EDUCATED GUESSERS U • A PRIVATE GERMAN' CIPHER OF WW I • ' _ • • • • ' Ji I' l l t1 12 17 18 20 21 25 6 16 27 • 29 • 3 0 • • • • • • • • • 15 31 • • • • • •• 36 CLASSIFIED BY NSAIESSM 123 2 ' Dtr li r Jtr sr 7 N Q ClASSJFY ON OfigiAa iAg ' j 6 r bJ lhh ' f A efleY'5 Deterffiif18tiefl Reqtlired DOCID 4019706 Published by P1 Techniques and Standards VOL XIII Nos 8-9 ' August-September 1986 GOOD BUREAUCRATIC WRITING 11 - PUBLISHER U BOARD OF EDITORS Editor P L ·1L - t963 fl 3 Collection 1 196 S81 Computer Systems 1 1963 1103 Cryptanalysis I 1' J5 3-S 38 Cryptoli nguistics 1 19 1 596 Index 1 1963-5292 Information Security Georae F Jelen 963·121n Information Science 963-11 5 1963 -5283 Intelligence Research I Language J 963 3 57 Mathematics 963 5566 I 963-6430 Puzzles 1963·4191 Science and Technology 1 Special Research Vera R Filby 968 80 14 Traffic Analysis Robert J Hanyok 963 $734 I s ' ' ' ' ' ' ' ' ' F -----J - f J 86-36 Acontr$dit£hm in terms Notlt s just that good bureaucratic writing is unco on Something strange gets into people when they compose official documents They forget that the intended readers are the very same human beings they've been communicating with all along Maybe all they need is a good example There's one beginning on page 21 Note that it is short though the information is complete readily It reads well It an be scanned The tone is good And marvel of marvels it states plainly that there is a change of concept and tells why Such directness is To submit articles or letters by mail send to · Editor CRYPTOLOG Pl HQ 8A187 If you used a word processor please include the m g card floppy or diskette along with your hard copy with a notation as to what equipment operatifl9 system arnf software you used seldom found It is efficient as well as refreshing After all the population to whom this is addressed is composed of senior Always include your full name organization and secure phone number in the intelligence business These people let us hope would inevitably find the needle of information in a haystack ofgobbledy-gook via PLATFORM mail send to cryptolg at bar1 cOS bar-one-c-zero-five note no '0' in 'log' professionals It might take them longer that's all Just to how that this example is not unique single sole one-of-a-kind but merely unusual rare exceptional remarkable there's another example beginning on page 6 It's a very readable nay fascinating budget proposal Surely it moved For Change of Address mail name and old and new organizations to Editor CRYPTOLOG Pl Please do not phone mountains Contents of CRYPTOLOG should not be reproduced or disseminated outside the National Security Agency without the permission of the Publisher Inquiries regarding reproduetion and dissemination should be directed to the Editor FOlt OIi'FIGh L USS ONLY 8KCRI3 SPORE P L SOMETHING NEW U TARGETING NARCOTICS TRAFFICKERS S·CCO Aug-Sep 1986 CRYPTOLOG page 1 C T PQK-li EO 1 4 c P L 86-36 86-36 P L DOCID 4019706 86-36 s c ft · 'f spon r-- traffickers Therefore there is no general Fourth Amendment preclusion of USSS interception of such communications and of the monitoring and targeting of US persons who are parties to the radio communications of ships and aircraft involved in narcotics trafficking FOUO Special procedures were approved by the Acting Attorney General in December 1984 which authorize intercept and direction finding against persons whom the usss reasonably suspects to be engaged in international narcotics trafficking An international trafficker is defined as any person engaged in buying selling manufacturing from cultivation to refining or transporting a controlled substance as defined by the Attorney General where such activities cross international boundaries AUTHORITY US POLICY U Narcotics were legally imported into the US for more than a hundred years By the beginning of this century there was strong sentiment to outlaw alcohol but little public concern for the widespread use of narcotics Drug stores and grocery store sold narcotics without a prescription and mail order houses distributed them as cures for any number of ailments U On December 17 1914 President Wilson signed the Harrison Narcotic Act establishing the foundations of federal drug law enforcement Since it was basically a tax on narcotics Treasury was left to enforce it when it became law on March I 1915 The first step in monitoring international commerce in opiates was passed in 1922 and was called The Narcotic Drugs Import and Export Act U The Federal Bureau of Narcotics was established on July I 1930 and in September President Hoover appointed Harry J Anslinger Commissioner of Narcotics a position he held ---1 for more than three decades It was U One principle underlying the ruling is that there is no reasonable expectation of privacy for the radio communications of narcotics EO 1 4 c P L 86-36 Aug-Sep 1986 Commissioner Anslinger who initiated the enduring US drug policy which maintains that the solution to the drug abuse problem lies CRYPTOLOG page SECllEl' VOK 2 EO 1 4 c P L 86-36 4019706 SE6REl SPOKE product would not exist were it not for the demand for the illegal drugs while Congress accuses the State Department of giving too little high-level attention to the drug problem THE NATIONAL BORDER INTERDICTION SYSTEM U In 1982 the National Narcotics Border Interdiction System NNBIS was established to combat drug smugglers at the US borders It collates the intelligence assesses the threat to the region prioritizes smuggling targets identifies resources available to interdict those targets and recommends actions to the participating agencies These consist of 14 Federal agencies and 14 000 state and local law enforcement entities that either have a role in drug enforcement or no statutory bar to such a role The purpose of NNBIS is to increase the various agencies' effectiveness through cooperative and coordinated efforts U Reservations concerning NNBIS are many Some suggest that NNBIS isn't needed because organizational coordination is not the problem and that reorganizations serve only to confuse the law enforcement community State and local law enforcement agencies complain that coordination with NNBIS is virtually nonexistent and that NNBIS has merely confused the national drug enforcement effort and disrupted traditional working relationships with DEA Customs and the Coast Guard Many people believe that coordination among DEA Customs and the Coast Guard is a problem Note that the US Coast Guard is a part of the Department of Transportation the U The White House stated in 1982 the US Customs Service is part of the Department elimination of illegal drugs at or near their of the Treasury and the Drug Enforcement foreign source is the most effective means to Administration is part of the Department of reduce the domestic supply of these substances Justice As in any bureaucracy they sometimes There is evidence that US efforts to control the don't talk to one another because of territorial production of drugs abroad have been largely competition Increasing agency coordination for unsuccessful Unfortunately narcotics involves an effective drug enforcement effort is not yet a developing nations in debt and in need of US reality and the jury is still out on the dollars The producing nations argue that the effectiveness of NNBIS as the answer with the foreign nations that produce the illicit drugs Aug-Sep 1986 U CRYPTOLOG page SSCRI T SPOKE 3 DOCID 4019706 S ffiCR ffi'f' SPOICH NARCOTICS INTELLIGENCE GATHERING Cocaine connections Probable sources of cocaine eold In lhe United Slales estimates U DEA created in July 1973 is the lead Federal agency in enforcing controlled substances laws and regulations Its primary responsibilities are to investigate major narcotic violators enforce regulations governing the legal manufacture distribution and dispensing of controlled substances manage a national narcotics intelligence system coordinate with federal state and local law enforcement authorities and cooperate with counterpart agencies abroad train and conduct scientific research and exchange information in support of drug traffic prevention and control U The EI Paso Intelligence Center EPIC is an interagency operation managed by DEA with participation by nine other federal agencies and working agreements with 45 states EPIC provides a nationwide intelligence clearinghouse for drug enforcement information Most information produced by EPIC is marked DEA SENSITIVE because it does not qualify for classification as National Security Information SIGINT received by EPIC pertains to narcotics information only and is used to corroborate other sources Fewer than slx persons with special intelligence clearances have access to SIGINT and they are forbidden to remove sanitize or enter it into other databases Other Ecuador Argentina Brazil Chile CocaIne production estimates In melric Ions 1982 Source The National Narcotics Intolllgence Consumers Committee American public off marijuana and onto cocaine The children who once smoked marijuana may now be smoking crack iS€T NSA is only one of many players who deal with the international narcotics problem but our input modest though it is is invaluable SIGINT contributes to national estimates forecasts and to studies on the narcotics problem and often gives US policy makers an indication of how effectively foreign aid --- Earked for narcotics eradication is being S_T_A_T_U _S_ L In April 1986 President Reagan signed the National Security Decision Directive that will permit the armed forces to dedicate personnel and equipment to fight drug trafficking Now the armed forces will be able to help in ---l almost any area of drug law enforcement except U Interdiction however is difficult Most marijuana is smuggled into the US by ship and most cocaine by aircraft Since cocaine is easier to ship and the profits are greater for dealers there has been a predictable switch to cocaine Ironically the success of the US effort against marijuana has had the effect of weaning the arrests seizure of materials and apprehension of suspects as long as their primary defense mission is not jeopardized ' ' Drug trafficking in the US Southern Command is seen as feeding arms supply and insurgency which destabilize Latin America In this light the new military role in the drug fight becomes more EO 1 4 c P L 86-36 Aug-Sep 1986 CRYPTOLOG page StBOUtB'i' SPOI E 4 EO 1 4 c P L 86-36 DOCID 4019706 SEelt T 8POKE understandable Defense Secretary Weinberger it is applicable Moreover it is clear that the however once termed the idea very dangerous federal law enforcement community needs and undesirable Civil liberties advocates fear better organization and coordination on narcotics interdiction strategy It may also need covert surveillance of US citizens preferring that President Reagan ask Congress to fund the to better define the role SIGINT can play in this overall strategy 0 regular agencies 1 8 660 But while the Defense Department budgets have soared in the last five years and DoD has been given an increased role in combating narcotics Coast Guard ships sometimes remain in port because of the lack of gas and manpower to interdict drug smugglers Priorities need to be a ljusted so that enforcement agencies can act upon SIGINT when Editor Note Readers might be interested in comparing present efforts to combat narcotics trafficking with similar efforts to interdict rum runners during Prohibition as described in the memo beginning on the next page Q 1° Aug-Sepl986 CRYPTOLOG SBCnWI'SPOKE pm 5 - 4 c W L 86-36 DOCID 4019706 'i93 fu I DATE 10 October 1930 MEMORANDUM FOR THE COMMANDANT SUBJECT Radio Intelligence Establishment of Cryptanalytic Section at Headquarters and Intercept Stations in the Field In accordance with your instructions of 3 October I took up with Customs the matter of holding in abeyance the transfer of Mrs Friedman cryptanalyst and her assistant from the Coast Guard Intelligence Office to the Divison of Special Agents Bureau of Customs pending the determination of the question as to whether or not the Coast Guard could undertake the establishment of a cryptanalytic section at Headquarters as a basis for a radio intelligence service in the field which would put the enforcement agencies Coast Guard Customs and Justice in immediate possession of specific knowledge of the operations of the smugglers upon which definite action resulting in seizures and the prevention of smuggling can be taken Customs readily assented to the retention of Mrs Friedman and her assistant pending developments and moreover agreed that the Coast Guard was the logical government agency to handle the radio problem When my plan was outlined the Commissioner of Customs Captain Eble not only agreed to the Coast Guard undertaking the project but offered to go to Mr Mills in support of it ' In order that you may be fully acquainted with the problem and its solution a brief summary of the radio activities of the smugglers and the attempts to date of the enforcement agencies to combat it is necessary Practically all operations of the smugglers from the sea are now directed by radio in code and cipher Without radio the smugglers would be so greatly handicapped that I have no hesitancy in saying that once the Government can gain the upper hand in the control of their radio activities smuggling from the high seas will be reduced 50 per cent On the east coast there are forty-five radio stations between Maine and Florida directing the movements and operations of smuggling craft There are fifty-eight smuggling craft known to be using radio The Coast Guard has a record of eighty-one stations in a single group whose operations are directed from the New York area On the west coast all smuggling operations on the coast of California are directed by radio from Vancouver and a station on the California coast In short communication between ships and shore is essential to the operations of the smugglers on the present organized scale It is carried on constantly in code and cipher It is now being intercepted by the Coast Guard and by Customs Agency intercept stations This intercepted material contains much of the information that the investigative agencies of the Customs and Justice are after the practically all of the plans including contact points to obtain which the Coast Guard vessels cruise endlessly Aug-Sep 1986 • CRYP'I'OLOG • page 6 FOR OFfi'I61z L USB ONLY DOCID 4019706 About three years ago the late Captain Root took up the matter with Prohibition and with the Prohibition Bureau furnishing personnel and the Coast Guard the equipment intercept stations were established in San Francisco and Florida and Mrs Friedman cryptanalyst was employed by Prohibition and established in the Coast Guard Intelligence Office to decipher and decode the material The information thus obtained was most valuable to the Customs Agency and Coast Guard in giving into the hands of the enforcement agencies complete information of the plans and methods of operation of the smuggling rings as well as the personnel engaged in the traffic ashore With this limited organization valuable information for use in combating the rum-runners was obtained The uses to which this information was put and numerous concrete examples of the practical value of this work in the prevention of smuggling can be given from the files of this office up to recently this work was mostly informative but the success obtained with this modest beginning led to an experiment with a 75-foot patrol boat the CG-2l0 which was turned over to the Intelligence Office to operate It was equipped with highfrequency receivers and radio-compass and assigned to duty in the New York Area to 1 Intercept and send in for solution the radio communication between rum ships and radio ashore 2 Locate and raid illegal radio stations from which the operations of the rum ships are directed This patrol boat under the command of Lieutenant Meals has done all that was expected of it Its success in intercepting by high-frequency receivers of the rum-ship operating orders and in locating the illegal stations on shore with its recently developed high-frequency radio direction finders led to the final step in the establishment of a complete field radio intelligence unit Through the cooperation of the War Department Major Friedman Chief of Signal Intelligence Division and an expert cryptanalyst was detailed to the CG-210 for a period of two weeks We thus had on a single 7S-foot patrol boat 1 A battery of high-frequency receivers with radiomen to intercept the coded operating orders of the rumrunners 2 A cryptanalyst to reduce the intercepted message to plain text 3 Radio-compasses to locate the illegal stations 4 A Coast Guard officer thoroughly familiar with the operations of the enforcement agencies to immediately act on the information derived Aug-Sep 1986 CRYPTOLOG page 7 FOR OFFICIAL USB ONLY DOCID 4019706 In a period of two weeks the following was accomplished by the CG-210 1 The code was used by a group of smugglers operating off New York was broken and the operating orders to the rum ships were read as soon as received 2 The code was compiled and made available for use by the Coast Guard units 3 Two radio stations one situated in new Bedford Mass and one in Coney Island were located raided and put out of business Coast Guard working in conjunction with Department of Justice agents and Department of Commerce inspectors 4 Evidence linking up the NOVA V recently seized by the Coast Guard with the radio station was obtained with is deemed ample to indict on conspiracy charges As a result of the interception and solution of the smugglers code and the raiding of the station the operations of the group of rum ships was completely stopped for several days no contacts were made and the resulting confusion to this group of rum ships was more than all the efforts of the destroyer force and other units combined have been able to effect in months--and it should be remembered that this was accomplished by a single patrol boat with nine men aboard which never went near rum row As a result of this two-weeks experiment we have arrived at the point where it has been demonstrated that the radio intelligence unit has passed from the purely informative stage to one of practical application as an invaluable aid to the patrol forces engaged in the prevention of smuggling The problem of the use of radio by rum-runners has grown to such proportions during the past year that it has attracted the attention of other government departments with the result that a recent inter-departmental committee from Justice Commerce and Treasury was appointed to suggest a solution The report of the Committee is appended and it will be noted that the conclusions and recommendations show that the problem and its solution is entirely Coast Guard work In fact there was no necessity for putting it up to an inter-departmental cornrnitee as the Coast Guard not only has been aware of the situation for years but has had all the elements for its solution at its disposal It is logically a Coast Guard activity Now the keystone of the whole system is the reduction of the rum-runners' codes and ciphers to plain text--the cryptanalyst section--and it is essential that there be established at Headquarters a section in the Intelligence Office capable of breaking the codes and ciphers and supplying the rumrunners' codes and ciphers to the field and of training the men in charge of intercept stations in this line of work The set- CRYPTOLOG page 8 FOn OF J'ICIAL USB ONLY Aug-Sep 1986 aCID 4019706 up required and the cost is appended Discussion of this will be given in person as it is quite involved and extended It might be well here to give a brief summary of the present rum-running situation In the past year there has been an increase of 34 per cent in foreign rum-runners We are now back to where we were three years ago with this vast difference the rum-runners are organized on a basis that makes the methods used three years ago practically obsolete And their radio communication system is the key to this organization The actual figures are 1927 1928 1929 1930 138 109 103 138 One rum-running syndicate pays the man in charge of its radio installations $10 000 a year The radio communications on the west coast are directed from Vancouver by a radio schoolmaster versed in the most intricate system of codes and ciphers Rum ships are in charge of former British Naval Officers Under present conditions on the west coast the Coast Guard is practically impotent On the east coast the Coast Guard harasses and annoys the rum ships but the results in proportion to the effort expended is pitifully small One of the purposes of the radio intelligence unit is to obtain greater results from the same expenditure of effort in other words to employ the present equipment of the Coast Guard to the best advantage The cost of the entire radio intelligence unit is less than the cost of operation of a single destroyer or cutter or of three or four patrol boats and the results that should be obtained are worth more than the results of operating a squadron of destroyers or patrol vessels It must be understood that this subject of radio intelligence is not theoretical nor anything new The following has been actually accomplished 1 Cipher message intercepted and solved showing contact point where and when shore boat is to take load from rum runner Information given to patrol force British and American rum-runners seized Case ISABEL H--Destroyer Force • 2 Radio stations on shore directing rum-ships operations and contacts located and raided New York area 3 Codes and ciphers broken and furnished to field so that operations of rum ships made available immediately to patrol forces West coast Gulf and New York areas 4 Evidence obtained by breaking ciphers and codes to obtain convictions on seizures Gulf and New York areas-NOVA V Aug-Sep 1986 CRYPTOLOG page FOR OFFICIAL USB ONLY 9 DOCID 4019706 5 Information furnished Customs and Justice agents to build up cases of the rum rings ashore which are operating the rum boats Concrete cases can be supplied from the files of this office A development now in process is the location of the rum ships at sea by radio-compass instead of by the cruising of destroyers and patrol boats over thousands of square miles of sea The necessary field units can be supplied by the Coast Guard from present equipment and personnel--if necessary taking them from units now producing no results What must be supplied is the Headquarters' Civil Service unit costing approximately $12 000 a year Now for the other side of the picture If this organization is not adopted by the Coast Guard Mrs Friedman goes back to Customs and works on the intercepts from the two Customs stations he Coast Guard with its destroyers and patrol on a military basis will continue to patrol the seas and operate precisely as if radio had never been heard of spending hundreds of thousands of dollars in an effort to stumble across the information that is constantly on the air i e the location and contact points of the rum-runners Anyone familiar with the history of the British Navy in the World War could hardly fail to appreciate the value of this work The personnel in the field are interested in this phase of operations and are wondering why Headquarters hasn't long ago developed an organization along these lines Radiomen construct short-wave receivers get the traffic and send it in to Headquarters--and there the matter ends There is decidedly a question of morale involved There is no brooking the fact that there is now spreading in the Service a sense of futility of effort and from that a feeling that a demonstration is all that is required and it is a very short step from that to the belief that a demonstration rather than actual result is desired by Washington The cost of this radio intelligence unit is so small in comparison with any other unit as to be insignificant and it cannot fail to justify this expenditure It is therefore recommended 1 That the Commandant go to Mr Mills or to Governor Lowman first and then to Mr Mills to get authorization for $14 660 to establish the central cryptographic section at Coast Guard Headquarters civil service It would appear that the best procedure is to request that it be authorized for the C G appropriation 1930-1931 available 1 July 1931 and if necessary take this amount from various other items so that the total of the appropriation will not be increased I deem this matter of sufficient importance to justify asking for a deficiency appropriation to cover but in view of the present fiscal situation doubt if it Aug-Sep 1986 CRYP'l'OLOG page 10 FOR OFFICIAL USS ONLY DOCID 4019706 could be obtained regardless of the merits and urgency of the proposition 2 That three 75 foot patrol boats be turned over to the Intelligence Unit to be equipped and manned similar to the C G 210 each boat to have the following personnel 1 Commissioned officer in command 1 C B M I B M llc 1 1 4 1 C Mo M M M M M llc Radio Men llc S C 1st class 3 That the following personnel be assigned to the New York Intelligence Unit under Lieutenant Meals 1 1 1 6 6 Commissioned Officer Yeoman Radioman Chief or 1st Class Radiomen 1st class Carefully selected Warrant officers for preliminary training under Meals to be brought to Washington for training under cryptanalytic section when latter is established 4 It is realized that the personnel asked for above are not available but the importance of this organization justifies if it does not make mandatory the withdrawal of the personnel required from other units particularly nonproducing units The personnel of a 75-footer as now authorized will supply the personnel of each 7S-footer assigned to this work 5 It is realized that the commissioned officers required are not immediately available and if it is not desired to take them from other units - and I would not hesitate a minute to put a destroyer or other unit out of commission to supply them for this work - carefully selected warrant officers can be substituted to command the 75-footers until commissioned officers are available As stated above the Commissioner of Customs Captain Eble deems this the most important development to combat smuggling that has arisen and is 100 percent behind the Coast Guard in this plan and will go to Governor Lowman and Mr Mills in support of it The inter-departmental situation makes immediate action necessary on the part of the Coast Guard This will be explained in person F J GORMAN page 11 FOU OFFICIAL USE ONLY Aug-Sep 1986 CRYPTOLOG DOCID 4019706 Editor's note Computer Se£urity is in the air In the same week we received an article a Letter to the Editor and a book review on the subject printed below as well as an item or the Bulletin Board Enter Your Passphrase Please U P L 86-36 GIl This article is classified POR OPFIe-tAL USB ONLY in its entirety J1 fulfillment of NSA's expanded responsibility in the field of computer security COMPUSEC a major effort has recently been undertaken to support enhanced password security at the Agency Soon users of CANDE and SOLIS will be introduced to the results of this effort This article will give you an idea of what the new system will be like as well as the history and rationale behind this change In an attempt to provide enhanced security better guidance and rationale for the use of passwords on a computer system the National Computer Security Center NCSC published the DoD Password Management Guideline in April 1985 The document is based on the best security practices on existing computer systems The underlying principle of a secure password system is that the passwords are kept secret at all times The major features advocated in this guide-line are • that users should be able to change their own passwords that passwords should be machinegenerated rather than user-created and that certain audit reports e g date and time of last login should be provided by the system directly to the user The Guideline explains what a good password management system should be able to do and outlines the responsibilities of users and system security officers in the secure use of passwords It recommends and suggests alternatives for setting up a password management system and explains how to calculate such things as the maximum password lifetime password space the maximum number of valid passwords that can be generated by the system and the probability of someone guessing the password for a given password space and lifetime When users change their own passwords no one but the user is involved in that change and the user is supposed to be the only person who knows the password But many users lack imagination and select passwords that are easy to remember resulting in passwords that can easily be associated with themselves This makes guessing passwords fun and rewarding for anyone trying to gain access to someone else's account Machine-generation takes the guess work out of selecting secure passwords but results in passwords that people dislike because they are CRYPTOLOG page 12 FOIt OFI ICIAL USE ONUl Aug-Scp 1986 DOCID 4019706 usually too hard to remember so they jot down information form and receipt to be filled out such passwords and leave them by the terminal and returned to the Tech Support office acknowledging receipt of the password and that for handy reference -_- by both the authorized user and unauthorized hacker alike Even user's continued use of the system The number systems that attempt to provide pronounceable on this form matches an identical password machine-generated passwords often fail to card that is filed in the Tech Support office for provide a certain linguistic reality which most use whenever a user forgets the password and people need to help remember them However cannot find the card there is a way to generate passwords that are At an appointed time most often over a both secure and that have linguistic propertie that make them much easier to remember w end all passwords on the system are This is using machine-generated passphrases c ed As you might guess the next work day there are a lot of locked termmals as users consisting of a combination of real words with or without se antic meaning forget to use their new passwords or have trouble entering them Three bad logins locks a terminal Paradoxically the strongest point 0 demonstrate the utility of its of the machine-generated password has proven to be its weakness because random-generated guideline and the practicality of machine-generated passphrases the passwords are so difficult to memorize many Division of Standards at the NCSC users keep their new password on a card near embarked on a project to their terminal for easy reference implement its DoD' Password Management Guideline on one of the existing computer Under the new Passphrase Management systems at the Nati09- al Security Agency For System three words are randomly selected from the experiment the computer system selected data base of three to six letter English words had to be one that would significantly b it and displayed on the user's terminal The user from the implementation one on which people may use those three words in any desired order could really se the 'nets of the Guideline in to make up a new passphrase If the set of action and one that could readily us machine- words proffered does not yield a readily generated passphrases As the first step they remembered phrase the user may request examined the com r systems at NSA and had another set up to a maximum of ten sets Once the word order has been selected the user discussions wit system security officers computer'system personnel and users Finally must enter the new passphrase correctly twice in succession to verify that it has been entered they selected the WINDMILL PULPWOOD Burroughs system and began work in May correctly and to reenforce the new passphrase 1985 The completed Passphrase Management in the user's memory If a new passphrase has System will appear first on CANDE followed by not been successfully selected within ten tries implementation on SOLIS the user will be locked out of the system and advised to contact the system security officer Under the curr- nt system users are sent a for assistance machine-generated eight-character random A new passphrase is good for a maximum of alphanumeric password every six months three months but can be changed at any time through the mail The user receives a punched before then The system will automatically care containing the password and a numbered alert users when their passphrase is within two IiI' Aug-Sep 1986 • CRYPTOLOG • page 13 FOR OPPICIAL US Or 'Ut DOCID 4019706 weeks of expiration Users on interactive terminals may change their passphrase at any time in that period Should the passphrase not be changed by its expiration date that user's account will be flagged as having an expired passphrase Once the passphrase expires the system will automatically invoke the change passphrase routine whenever a login is attempted and will not allow the user to login until a new passphrase has been selected If the user does not change the passphrase within two weeks after expiration the account will be locked and the user will have to contact the system security officer to get back on the system To log in using this new passphrase system the user first enters his or her standard userid The user will then be prompted to enter a chargecode consisting of a classification level a function code and a job number Next the user will be prompted to enter the passphrase which wherever possible will be concealed Upon entry of the passphrase the screen will be automatically cleared If all the elements supplied are correct the user will be logged in and given the date time and place of both the last successful login and the last unsuccessful the account is locked and the user required to contact the system security officer before again being given access to the system It is considered a security violation for more than one person to know the password or passphrase for any given individual userid Thus this system will not allow more than one user to be logged in under a given user account Special groupids may be established for those projects where more than one user needs to share access to the same computer resources A user may be a member of as many as five groups and a group may have as many as thirty memb s ----At login time the user will enter his or her ow individual userid then a comma followed by the' groupid When prompted for the passphrase the user will enter his or her personal passphrase The userid and passphrase will then be authenticated and if correct group membership and classification level will be checked If everything is correc the user will be logged in under that groupid Any problems will result i a'n_unsuccessful login attempt for that user sers of the Burroughs sy'stem have login attempt plus the total number of always included a classification level unsuccessful login attempts since the last valid - within the chargecode_as_ part of the login This information can alert the user to login sequence In the past the any att mpted penetration of the system using system checked only to see if the his or her userid The new successful login classification given was at a meaningfur1evel data will be stored the ' ailed login counter Under this passphrase management system the cleared and the user given access to the classification level is also checked against the computer Should any of th'e--information user's own security profile For example if the supplied be incorrect the user' wi'll be told that user has a maximum clearance level of SECRET the login was invalid and a record will be made and tries to login at TOP SECRET the login wili ' of this incorrect login by incrementing the be unsuccessful Or should the user try to login failed login counter and storing the date time at UNCLASSIFIED when that particular user's and terminal identification account has CONFIDENTIAL as a i imum The user will be allowed a totaCof ten consecutive unsuccessful login attempts before Aug-Sep 1986 access level the system will also deny access While the latter illustration may seem an unnecessary precaution it is a measure to CRYPTOLOG POlt OPPlClAL US page 14 ONLY DOCID 4019706 protect extremely sensitive data from accidentally finding its way into an unclassified file A user may also change the chargecode during a given session but again the user must specify a level for which he or she has access privileges or the requested change will not be accepted A record is made of every action processed by this new system This information is stored in special audit files for use by the system security officer There is a general audit file To the Editor containing all the actions processed by this system and in addition another special audit file that contains a subset of those actions that could be indicative of a security problem Some of this information is also given directly to In regard to the article User-Friendly Passwords in the May-J ul 86 issue I find •a problem with the premise stated in the first part of paragraph three the need to · generate passwords implying that users at login time in order to help users detect problems with their own accounts However · password generation is a user responsibility I agree with the DoD the system security officer has these more comprehensive files available for detecting patterns of behavior which could signal overall security problems Computer Security Center's position Passwords should be machine-generated •rather than user-created People are far too predictable when picking passwords The Passphrase Management System has undergone extensive testing and evaluation and should be fully operational on CANDE by the summer of 1986 This project has shown that the principles propounded in the DoD Password Management Guideline can be effectively implemented The recommendations and specifications in the guideline can be tailored to meet the security needs of any computer system Keep in mind that while most of the features in the guideline can be automated much of the effectiveness of any system depend on the users working with the system will security officers to understand and follow good password management practices 0 Knowing something about the person allows an attacker to vastly reduce the number of possibilities in attempting to guess passwords Machine-generated passwords or pass phrases are much better at assuring that passwords are distributed over a large space I claim that it is the computer system •administrator's responsibility to provide · password generators which give the user a fighting chance of remembering passwords that are generated I claim that passwords that are pronounceable strings like SENSLES-GAR-BYG are not that hard to remember Maybe not fun to remember but not hard Giving the user some choice in the matter can make the procedure 1 ug-Sep 1986 CHYPTOLOG page 15 FOil OFl ICli b y OI TbY DOCID 4019706 more user-friendly Some of the author's mnemonic devices could be used to remember nearly any random string if the user is clever enough •I believe that the author has a valid •complaint about how machine-generated · passwords are administered on some ·systems His complaints about the way LUDLOW is used are understandable •Better human engineering of password •generators would be welcome More •information on guidelines for passwords is · available in the Center's publication on password management available from C4 OUT OF THE INNER CIRCLE A Hacker's Guide to Computer Security by Bill Landreth Microsoft Press Bellevue Washington 1985 Reviewed by If one accepts the premise that password •generation is a user responsibility then this · article has practical suggestions on how •users can do a better job at meeting the •responsibility But I would challenge the ·author to come up with a better password generator which meets the Center's · guidelines The basic requirements are not hard to state and they allow for a wide •range of creative solutions Human engineering is important and the author has · practical experience in using passwords •Since password generator programs are •rarely exercised during the course of a day · they can be large and very user-friendly IC51 L - P L 86-36 I -------- IC212 P L 86-36 This book is an excellent non-technical introduction to computer security for the lay person In the first chapter the author describes a hypothetical attack on a corporate computer a battle of wits between the hackers who choose the time and place of their attack and the operators who wait detect and respond The remaining chapters present a brief history of computers a history of hacking and an overview of computer security measures designed to limit hacking damage These chapters are well organized and the material is clearly explained so that even non-technical readers will be able to understand it easily The book closes with an epilogue detailing Landreth's arrest and trial and an appendix giving his evaluation of some commercial computer security devices I have some reservations about his evaluations detailed below Landreth writes about computer security from personal experience as a hacker his hobby was breaking into other people's computers That's not the only meaning of hacker and some people object to it but Landreth used it and so Aug-Sep 1986 CRYPTOLOG page 16 Fon OFl'lGlAL USfi3 ONLY i DOCID 4019706 will 1 He started with a TRS-80 and an Apple TI It was with his Apple TI that he discovered the challenge of understanding and controlling other computers through his own this challenge appears to be the motive force for most of the incidents recounted in the book Landreth describes how'his increasing ability and reputation finally brought him into the Inner Circle an informal group of expert hackers who met electronically by leaving messages on the computers they had penetrated It was their superior skill that finally ended Landreth's hacking career they had penetrated some computers so regularly that they were discovered traced and arrested Evaluation Criteria None of the systems penetrated by the Inner Circle meet the requirements even for Cl the lowest level of trust Landreth also neglects the special problems of embedded computers in modern weapons systems Neither omission is a serious flaw in an introduction intended for the general public But people facing professional espionage or managing embedded computers need more than this book they need professional defense 0 Landreth's hacking experience gives the book both its strength and its weakness His knowledge and interest are reflected in the book's convincing detail but they affect his objectivity Successful hacking means using the computer in an unauthorized or abnormal way It isn't hacking if they let you in Most hackers learn a system's weaknesses by trial and error usually by exploiting bad EXTENDED HOURS conunands in the progranuning those not intended or anticipated by the computer's for designer Landreth implies that few hackers LEARNING CENTER intend harm and that most are harmless I disagree Unauthorized entry may destroy data or slow down the computer so much that real L -- _ _----- IE22 work can't get done Hacking therefore is Learning Center #1 room 2C166 Operations not a harmless pastime Building #1 is operating on extended hours The center is open Monday through Thursday Another limitation of Landreth's personal 0700 - 2200 Yes that's 10 pm approach is his lack of knowledge about the At the Center there are courses on special problems inherent in military systems cryptanalysis and other Sigint disciplines such as susceptiblity to espionage The anticomputers management personal development hacker standards set by Landreth are target studies office skills and other subjects inadequate to protect sensitive information Many are overviews without exams a good way to try something new against professional espionage Appropriate #1 u standards for Trusted Systems are described in the Orange Book the National Computer Security Center Trusted Computer System A list of courses is published quarterly For more information stop hy or call 963-5899 s or 688-7922 b P L CRYPTOLOG page 17 FOR OFFICIAL USE ONLY Aug-Sep 1986 86-36 DOCID 4019706 eONFIDENCfIAL COLLECTION MANAGEMENT I PAST II PRESENT and III UNCERTAIN FUTURE U G53 P L 86-36 T1'ti til tiC i C anified CONHBfiVftALJ- ' D in its eRtiFety Am I a fireman on a diesel-driven collection system Am I a relic of the past without a fu ture It's time for me to find a psychoanalyst to gain an understanding of my original Agency occupational specialty For some years now I've asked myself the following questions ''What is collection management and why do we need collection managers in NSA These questions are disturbing only because I am certified in this career field and without it I would be qualified only for staff and management positions I want to believe therefore that a need exists for collection managers like me and that the Agency really depends on our work This is where my schizophrenic problem begins I want to believe in the need for collection managers and at the same time I can't find a real reason for us to exist at least under our present job description Production organization independent agency operated as an You must also remember that the signal environment at that time was simple Morse voice and some printer which by the way was considered to be an advanced signal type at that time I can remember statements being made upon my arrival at NSA that Morse was on its way out and printer was going to be the way of the future and by the way how would we be able to cope with such technology Because there were so few types of signals available for NSA to exploit at that time it was some person's bright idea that each production element should make its collection assets available for use by other production elements mainly because signal types were somewhat common across element lines Thus GENS ACOM and ALLO were instructed to send a representative to this new element COSA or COLL where they would perform as brokers for other elements tasking on their positions Although the element was formed the people remained attached to their supported In order to· understand my problem you organization while the chief of the collection must have at least a basic knowledge about why management shop was an independent manager collection managers were first introduced into the Agency work force My knowledge along this line This fact soon caused many problems the is somewhat limited in that collection managers ultimate result being the permanent reassignment were already on the scene at NSA when I started in of all detailed collection managers to the collection 1959 I understand from some old-timers who management element Another factor was our lack' worked here before me that there were elements in of computer support as we know it today All the Agency named GENS now A Group ALLO now tasking records were maintained on 5x8 cards and G Group ACOM now B Group COLL or COSA now a recap of this file was made typed proofread and P5 and a little bit of every other office involved mailed every month This file was considered the with collection activities and still others At that authority for all tasking and each mission change time there was no Combined Cryptologic Program was entered on the appropriate station position CCP and nearly every element within the Aug-Sep 86 CRYPTOLOG page 18 eONFIDH l'l'IAL J dL H A··GQMIP f'f-6IlANNmSeJ' 6Y7 I DOCID 4019706 CONFIBEN'f'IAL card as it was being forwarded to the collection site which changes have greatly altered the role of a by message collection m nager This whole process was performed by a number of typist record keepers and collection managers performing what would be considered manual labor in today's computer world A high percentage of positions remained tasked against a single entity this was based on the collection site location however it was not impossible or unusual for several types of tasks to be assigned to a single position A collection manager would review the tasking assigned to a station position look at the collection statistics received electrically from each station and ultimately determine the best place to assign a new task to obtain the desired results Today's collection manager is not determining where to assign a case for coverage He has no effective evaluative tools to use in the performance of his job The signals environment is so complex that he doesn't understand how to collect a signal or even to know what type of equipment is required in order to collect most of our sophisticated signals He has little authority in either the curre nt or planned collection world Furthermore he is uninformed about why a task is being assigned Le what is the requirement Because of this the collection manager today is by and large a creature of the past a rubber stamp for conveying tasks between a traffic analyst and a collector or a resource controlling authority a record keeper for upper management who is unable to accurately respond to questions because he is not trained to interpret the data in his files a person who is more often wrong than right when showing initiative Even at this time most assignments were pre-directed by traffic analysts who for one reason or another Le availability of linguists or on-site reporters etc would tell the collection manager where the task was to be assigned In such cases the collection manager would ensure that the position was being manned in accordance with tasking requirements and that traffic forwarding instructions were complete that technical support TEXTA was on station and that the new mission was not going to interfere with the task of another office Since the early days collection management functions were returned to the analytic offices late 60s and early 70s and more recently moved again to a centralized organization center I believe this again reflects a manager wanting something from a collection manager but not being able to specifically place his finger on the requirement I believe we need to face up to the fact that we need very few collection managers maybe only to perform collection management functions of system ICertainof the traditional collection management tasks should be given to the traffic analyst and a new career field should be developed for our leftover collection managers Collection assets seemed to be plentiful and there were many mord Isites around the world than there are today All iuaIl our world at that time was simple with no real lack of resources The Morse and non-Morse Genera l Search efforts Le constantly looking for new and or unidentified signals seemed to keep us up with what was happening in our simple world and there were people around willing to perform manual tasks The new career field should include such things as being responsible for ensuring standardization when we tasK resources knowing what resources are where in accordance with the CCP and as it is in the real world Imaking sure that our collection system is ready to meet future requirements building some type of an evaluative process which informs the system when a position is not longer productive etc To step through time we remember the introduction of computers into NSA the loss of many collection sites around the world the many new signals that are c ntinui g to surfac he trend to use more hne-of-slght transmlsslOn systems the lack of money the introduction of sensitivities into our work environment the construction of collection positions to intercept a single type of signal communications security I still believe that day-to-day collection awareness on the part of our targets and the changing political world of the past 25 years all of management of items being assigned for coverage I Aug-Sep 86 CRYPTOLOG I page 19 GONFID8NCFIAL ELMi17 Yl f·eOMm ieHAPlNEbS finif b'E __ EO 1 4 c P L 86-36 I DOCID 4019706 CONFIBEN't'IAL is rightfully a responsibility of each analytic office Furthermore I believe that we need to have some focal point in NSA for working with non-SIGINT elements that have an impact upon our collection assets and that we need to have an element involved with watching tomorrow's technolo2Y so that we are prepared for the future I L - --_ I Basically the collection system must be controlled from three points planning and budgeting assets versus requirement priorities and evaluation feedback to the planning and budgeting system EO 1 4 c P L 86-36 know We are also eeking to interview people who personally participated in these events sometimes gral history is the only way to record facts which do not show up in files DP9n the completion of th¢se histories the documents will either be returned to you if they are part of active files or incorporated into the NSA Archival system to make them available for historical and technical research Call or write Tom Johnson Chief T542 SAB 2 Door #3 972-2355 a bout materials and Bob Farley at the same address about the oral history program POUO Materials pertaining to other events I'm not sure that I have communicated my should be sent directly to the Cryptologic 1Chief problem with collection management and Archival Holding Area 1 collection managers clearly However I feel better T541 SAB 2 Door #3 972-2268 now that I have attempted to address it I would like to think that somebody will read this and just CALLING ALL HACKERS FOUD maybe there will be a review of this situation In the meantime this is your collection FOUO If you have had any non-work-related management fireman working on a diesel experience with computer hacking please collection management system saying so long for share your knowledge with us Success not now I look forward to your help with my problem essentil ll just experience Non-attribution nonretribution Please contact Joe Merchant Operations Security Manager PI 963-4652 A'ITENTION FRENCH LINGUISTS 0 000 BULLETIN BOARD 0 GGO Copies of The FRANCOPHONEGLOS I C I I with Supplement 1 dated 15 April 1978 and classified CoCCO are being distributed again To obtain a copy send your Name Organization NEW LAMPS FOR OLD D Building and Room number to IL C-CCO The Division of Cryptologic Hi tory P16 HQ 8A187 Mail orders only are accepted is working on several areas of OUr past and needs Agency files and documents for research EXTENDED CHARACTER SETS D The areas of greatest concern right now are I L -• The Cuban Missile crisis • The Korean War ·II - ----J • The Vietnam War G GGQ If you have documents of any type on these subjects reports otrespondence end product codebooks c01Jlputer runs etc that have been moldering in your desk or file cabinet or that may be in storage plea se1etus P L 86-36 Aug-Sep 86 ' FQUO 'Phe National Data Standards Center advises that there are international standards fo rextending 7-bit and 8-bit character sets and for coding the escape function which invokes a new character set The information should be of interest to persons concerned with data transmission as well as to linguists and programmers dealing with non-Latin alphabets Particulars are described in NDSC Bulletin #6-86 For acop ''N'ritetol fl13D at their new location FANX II A2B03 CRYPTOLOG page 20 COf'fI IBElN'f'IAL IAN BLS VIA OOMlNq ' OUAUUBhS ONLY I DOCID 4019706 SENIOR PROFESSIONAL CAREER PROGRAM GALAXY Status Report At the request of the Director the GALAXY Steering Group undertook a review of the GALAXY Program and program objectives The group documented its conclusions in a revised regulation which was circulated to the members of the Board of Directors for their review prior to a presentation to the Director The decisions resulting from this process are listed below CHANGE 1 - CONCEPT Personal career development is a shared responsibility of the individual and management A centralized program such as GALAXY should not be directive but should provide services to facilitate the attainment of objectives established by the individual and management CHANGE 2 - NAME The program will be known as the NSA CSS Senior Professional Career Program SPCP The change from the GALAXY name was recommended because initial intentions for the GALAXY Program created expectations and perceptions that are no longer valid but continue to be associated with the name GALAXY The term midlevel has also been dropped because it is an inaccurate description in many respects The term senior professional corresponds to the Occupational Specialty Titles for GG13-15 level jobs e g Senior Cryptanalyst Senior Electrical Engineer etc The GALAXY name will continue to be used for the data base CHANGE 3 - REGULATION NSA CSS Reg No 32-9 dated 11 April 1984 NSA CSS MidLevel Career Management Program GALAXY is superseded by a new regulation entitled NSA CSS Senior Professional Career Program dated 7 May 1986 In addition a Personnel Management Manual PMM Chapter has been drafted and will be published shortly Lf3 J CHANGE 4 - ADVERTISING The new regulation establishes a requirement for advertising vacancies to be filled at Headquarters when the selection official desires to consider candidates from outside his her organization Managers can rotate personnel within their own organizations without advertising but the job must be advertised before a cross-organizational move is approved Aug-Sep 1986 • CRYPTOLOG • page 21 FOR OFI ICIAL USg ONLY ero 4019706 ----------- UNCHANGED The program will continue to apply to civilian personnel at the GG13-lS level Emphasis on field support and reassimilation is reenforced Services will continue along present lines maintaining data bases publicizing vacancies searching for candidates coordinating selection release and approvals acting as focal point for field staffing and reassimilation for GG13-lS jobs and people providing guidance and information on career opportunities and career planning P L CRYPTOLOG page 22 FOR OFFICIAL USE ONLY Aug-Sep 1986 86-36 DOCID 4019706 QUESTIONNAIRE #1 UPDATE The GALAXY data base is used constantly to search for candidates to meet job requirements You need to be as well represented in that database as possible Please take a fresh look at your answers to Questionnaire #1 We urge you to give particular attention to secondary experience We find that many people are conservative about claiming experience other than primary responsibilities while requirements for a search are usually stated in fairly comprehensive terms indicating auxiliary skills and knowledges desired Don't sell yourself short on secondary interests and experience Please send us your changes using the attached data record QUESTIONNAIRE #2 UPDATE We are preparing a reissue of Questionnaire #2 which should be more user friendly The answer sheets have been revised and have been printed as a standard NSA form Pl201 available in supply rooms More about this when the new Questionnaire books are ready POSITION ANNOUNCEMENTS with the new requirement for advertising we may modify our format of the Position Announcements to some extent but we will continue to use the following guidelines 1 we run an ad until a job is filled or until requested to delete 2 we do not set closing dates unless requested by the selecting official 3 generally a new job runs two issues as a narrative and then reverts to a line item if not filled 4 We are unable to publish in unclassified form Therefore the trend is toward COMINT CHANNELS so we can include more descriptive information 5 We publish at least every 2 weeks printing and distribution take 2 weeks 6 300·copies of each issue are distributed in advance to Integrated Personnel Activities at the time the document goes to press CAREER PATHING We are currently working with a contractor Human Systems Technology to develop a model for career pathing in several fields pertaining to the procurement process ILSM Acquisition Specialist Contracting Officer Business Manager Our basic approach is to meet with representatives of these fields to document examples of career evolution define competencies and identify the cross-overs which have been or should be possible The contract will be completed in June The pathing model will then be evaluated for applicability to other career areas • Aug-Sep 1986 CRYPTOLOG page 23 FOIt OFFICIAl USE ONLY aCID 4019706 CONFIDBNTIAL P L 86-36 A NOTE FROM THE PROGRAM DIRECTOR U With a couple of years' perspective on the evolving GALAXY SPCP program there are two points I would like to emphasize C First individual initiative is the key ingredient to accomplishing a job change Probably the greatest disservice of the GALAXY Program was to suggest to people that the Program would do it for them We have found this is too much l i k e __ playing the lottery There are some winners but withl GG13-lSs there are a lot of people who never get called On the other hand a high percentage of people who want to move and take the initiative to work with us and with their supervisors are able to find a suitable new job within a six-month period It takes persistence and patience talking with a number of people and waiting for selection officials to make decisions It's a process that will test one's resolve but the determined accomplish their objectives I U Second I consider the principal justification for our program to be to help everyone know the options The Agency is just too large for individuals and managers to know all the posibilities This lack of information inspires both hope and frustration There is a sense that the right job or right person is out there somewhere if the decision-maker could only know all that is available To a considerable extent these are not false hopes and a brokerage service of some kind is really needed to help individuals and managers attain their objectives We are continuing to develop all the means we can to meet information needs--advertising jobs advertising people candidate searches career counseling and advice career pathing guidance etc We welcome your suggestions as to what would be most helpful to you P L CRYPTOLOG page 24 eONFIDI 1NTIAL Aug-Sep 1986 86-36 aCID 4019706 P L 86-36 I-------------------------- --- r------------- ----------- IG I I I I I I L - - _ - - - - - - - - - ' _ iiiI i In our office we have large number of text and data files on ASTWs For back-up we generally copy each file kept on the hard disk to at least one floppy disk as well current pelIx directory to the DOS floppy The shell writesub is as follows cd $1 writealJ cd Yesterday afternoon one of the analysts on my To use writesub enter the command team tired of typing doswrite -afilename followed by the name of the subdirectory to be mename for each file asked if there weren't backed up an easier way to dump multiple files to the writesub mysubdir floppy disks Mter a little thought the two of us wrote two shells P L • CD The shell writeall will write a list of 86-36 Comment froml _ Computer Science Editor files from the current PCIIX directory to the DOS floppy The shell writeall is as follows This shell is useful when there is a need to write several files to floppy in DOS format especially when several similarly named files can be specified with a wildcard while test $1 do echo writing $1 doswrite -a $1 $1 shift done To use writeall enter one of the following commands writealJ filename1 filename2 writealJ writeall filename with global characters • ® The shell writesub will write all files except dot files from a subdirectory of the As to the reason stated for needing this shell however I wonder why you don't simply use incremental dumps as described in the PCIIX Operations Handbook on pp 41-43 This will automatically copy every file that has been created or changed s ince the last dump that way you don't run the risk of accidentally overlooking an important file and back up all users of a given ASTW in a single step Also it runs faster than doswrite Aug-Sep 1986 • CRYPTOLOG • page 25 I 'OIt OF'I ICIAL US B ONLY aCID 4019706 COfU'IBEf'iTIAL • •••• •• •••• ••••• • • •• • • ••• • • •• •• •• • ••••• •• ••••• • • • • • • CONFERENCE REPORT • • CRYPTO AT GLOBE COM 84 • • • • • • P L • • • • 86-36 • • • • • • • • • P L • 86-36 '--1P13 • • • • • ••••••••••••••••••••••••••••••••••••••••••••••••• U MIA COM exhibited their Ilewl Videocipher demodulator designed for Home Box Office satellite TV relay The company hopes that their system will become a de facto national and L ----J U If Videocipher is adopted as an international standard international encryption system which is likely U The encryption uses hard digital since the basic scheme can be adapted to PAL or encryption of the audio channels and control SECAM it may be possible to limit use of DES but information by the DES algori thm and soft there are other secure algorithms that also present analog encryption of the lines of the video picture difficulties according to a DES key stream Implications for NSA U The general scheme of hard encryption U In addition to the entertainment of the audio channel with soft encryption of the video picture was specified by HBO in 1981 and broadcast application the Videocipher unit can presented at an EASCON meeting See Video also be used for video teleconferencing --- a If it catches on for Encryption A Report from EASTCOM 81 in the growing market teleconferencing the sales and dissemination of January 1982 issue of CRYPTOLOG The reason the technology could grow considerably for the soft video encryption is to keep the bandwidth and format of the signal within the conventional video transmission bandwidth The audio portion is hard encrypted because it is feasible to do it and most of the program content is in the audio track It was expected in 1981 that the audio encryption might be by DES but a single 64 000 bps channels was under consideration A surprising feature of the Videocipher is that the digital channel is at the megabit rate with DES protection The Security ofVideocipher Sorry about that Bugs in the new software leave widows and orphans bereft dangle parentheses and apostrophes and cause other violations to convention P L 86-36 i ug-Sep 1986 HA mLB CRYPTOLOG page 26 COP'H'IIW3P CPIAL VIA GOMIH'P GILUHfELS O fLY EO 1 4 c P L 86-36 4019706 EO 1 4 c P L 86-36 SHORB he describes it is primarily of pedagogical and historical interest C-CCO' The opening line of chapter 4 states incorrectly This chapter describes the first public key system ever developed Of course Merkle could not have known that several years earlier such systems had already been proposed by Malcolm Williamson and by Cliff Cocks at GCHQ tS-CCO Perhaps it is a normal human failing to be blindly proud of one's own ideas The idea which Merkle and Hellman originated is that of public-key systems based on the knapsack problem Their design has been discredited on the outside as the result of clever work of Adi Shamir Ernie Brickell And Odl zko and Jeff La arias '7 ·J300K EYI EWS L Merkle offered a prize of $100 to anyone who could solve the MerkleP L 86-36 SECRECY AUTHENTICATION AND PUBL1C KEY SYSTEMS by Ralph C Merkle UMI University Microfilms International Research Presa Ann Arbor cl982 1979J- ReviejJJed bA c-ceo Ipi2 POUO Let us make it clear that this is not a book in the usual sense but a revision of the author's doctoral dissertation written under the guidance of Martin Hellman atSt n ord University As-one would expect It IS an immature work showing the narrow research of one student tt is not a survey of the field as the title suggests No library need acquire this tract Merkle participated in the discovery by Hellman and his many students of what has become known to the academic world as public-key cryptography Actually these systems were first conceived at GCHQ by James Ellis in 1970 Public-key cryptography allows secure communications between subscribers to a large net though they have had no previous knowledge of each other and share no key in the conventional sense Merkle's original scheme based on solving pUZZles as C CCQ Hellman knapsack this prize was paid to Shamir in 1982 Then Merkle risked $1 000 on the security of the iterated Merkle-Hellman knapsack This too was lost to Brickell the work of Odlyzko and Lagarias also suffices to demonstrate the unworthiness of the system Merkle has not entirely missed the target The opening sentence of chapter 1 is spot on Cryptography is a fascinating subject even more so today than in the past But he alludes to the S-boxes unique so far as I know to the Data Encryption Standard as found in many modern cryptographic functions page 52 And in comparing his knapsack to the sturdy public-key system developed outside by Ron Rivest Adi Shamir and Len Adleman this is the system originally proposed by Cliff Cocks he states p 48 the trapdoor knapsack appears less likely to possess a chink in its armor C COO One of Merkle's ideas is that he has created an NP-complete conventional cipher the title of his chapter 8 In fact his thinking is confused in several directions Let us set the scene A knapsack is a set a 1 a 2 a n of n large positive integers known to everyone The parameter n should be chosen large enough to prevent an exhaustive analysis of the 2n Aug-Sep 1986 • CRYPTOLOG • page 27 SBCRBT tfAHBLE ViA eOfyH 'i ' CUAJ'H ELS OP'fLY DOCID 4019706 possible cryptovariables but small enough to allow timely operation of the encipherment scheme Instead of the usual trapdoor use of the knapsack Merkle intends that the sender' and the receiver share key one of the 2n binary n-vectors which they use to select some of the a 1 which add as integers not mod 2 to provide a key That is difference between these two problems It is just such difficulties that make contemporary complexity theory generally inapplicable to cryptology FOUS Knapsacks are not appropriate vehicles for solving the authentication problem in which secrecy of the contents is not an issue but the recipient requires assurance of the n source of the message Typically the message an integer sum K L x a 1 1 m is formed and then the sender A uses some i 1 function F which is publicly known to sign the message One condition is that A only F'OUO Let's think about this a little We'r€' ' lmows the inverse function F-l Given m only intending to use this key to encipher a binary A find x such that F x m Now A ' stream of data with thiusual equation calculates the signature x and transmits x only along with a statement a it is he who has C P EB K so that the plaintext can be recovered via P C EB K That means that sent the message Everyone how has the we need an arbitrarily long key stream Yes facility to read the message F X '- 1n No one else knows F-1 so no one else could have foun_d Merkle is ready for us He has in mind that the knapsack elements a i are infinite the transmitted x j FOUO Aha you think -- a storage problem U Because knapsacks typically have a very where shall I retain these a i Never fear small image space inverses of arbitrary that's not necessary Instead the sender will elements m are most unlikely to exist That is generate and transmit the a i bit-by-bit That for a randomly chosen m it is very unlikely is in some unspecified but clearly essential for that a binary vector x can be found such that security way the sender generates the n '- streams starting of course with the least L xiai m significant bits and with every bit of cipher so knapsa k systems are not useful for must transmit an additional n bits of the authentication ' knapsack components Talk about data expansion D Recogn zing this deficiency M rkle has written a chapter_ ntitled A 'ee rtified Digital F'OUO Now Merkle makes a swipe at Signature His design is tree authentication establishing NP-completeness of his algorithm which is expensive slow and'allow for the But it's hopeless complexity theory just cannot selection of only a small number of messages cope with components of infinite length in the Tree authentication appears again ' Furthermore he admits that his proof fails for longest chapter on protocols for'pu b-Uc-key another reason The NP-completeness of the cryptosystems to no better effect This knapsack problem deals with the following chapter is not without merit it alerts the decision problem given the set of knapsack unwary to the many pitfalls of designing secure weights the a and an integer B determine protocols whether or not there is an n-Iong' binary vector x xi'x 2 x n such that 8 GGO That Merkle fails to construct a satisfactory protocol is' no disgrace many n skilled researchers have had nti more success B x a £- 11 The best work I've seen on this thorny prOblem i 1 has been done byl _ _ - ---- 'l l F'OUO The problem we're faced with as lanyone familiar with their ideas cryptanalysts is instEjad the corresponding will find Merkle's discussion very pale But I search problem given B and knowing that an particularly liked one remark of his in the x exists find x Merkle says From a doubtful world of thrust and coupterthrust of cryptographer's point of view there is not much I Aug-Sep 1986 • CRYPTOLOG • page 28 IIA DLB SECRB'F ' YIA COl UrF CIIA r rB O r Y P L' 86-36 DOCID 4019706 SElCHE'f' masquerade and tampering the message My secret key has been compromised should always be accepted as a valid message its use in determining the authorship of certain of The Federalist Papers U No book on cryptology is complete without mention of the Data Encryption Standard Merkle has a novel approach to DES He shows how to simulate a k-input m-output Sbox by a knapsack with 2k k m components By assembling components he is now able to argue that a general algorithm which could solve a lOOOO-component knapsack could be used to solve DES In a later chapter he discusses the security of multiple encryption of DES U Rather the book intends to be an elementary introduction to statistics for those who wish to make use of statistical techniques in the study of literature In this the book succeeds fairly well although a good deal of mental agility is demanded of the reader For example the term unimodal is first used without definition several pages after bimodal is defined - FOUO Our criticism of this book is not intended as a criticism of the author It would have been surprising indeed if such a young and inexperienced student had made an important contribution He has not Cryptography remains a fascinating subject yes but also a decidedly difficult one 0 U The book is thoroughly British in orientation which the American reader might find refreshing although certain analogies such as the relationship of highway M6 to Manchester may be unhelpful Passages excerpted for literary analysis are themselves a delight to read such as two accounts of the murder of Richard ill's nephews one of which uses the more than twice as often as the other The distinctiveness- ratio could in principle be used to show that one of the authors is more likely than the other to have written a passage of unknown authorship U Most of the concepts present in the book are used to a greater or lesser degree by the cryptanalyst such as chi-square binomial and normal distributions standard deviation standard errors significance testing and sampling to give only a partial listing The cryptanalyst who wishes to review such concepts or approach them from a fresh vantage point would do well to consider this book THE COMPUTATION OF STYLE An Introduction to Statistics for Students of Literature and Humanities by Anthony Kenny Pergamon Press 1982 Reviewed by I IP l i422 U Stylometry is the use of statistics in literary analysis The Computation of Style is not and does not claim to be an introduction to stylometry but it provides enough stylometric anecdotes to whet the reader's interest such as Aug-Sep 1986 U The author correctly states in the preface that a linguist with a rusty memory of junior school arithmetic and algebra should be able to follow the ideas of the book and perform the calculations needed to solve the examples Practical applications of the techniques require the use of a calculator or preferably a computer and therefore the ability to program a computer 0 P L CRYPTOLOG page S CRE1 86-36 29 IIAP'tDLB YIA CO p gntp CHAP'U ElLS OP' LY 4019706 S CIU 'f You have to restrain yourself from interrupting your co-workers with Look at this D Each chapter starts with a humorous sketch illustrating the topic My favorite is shown on the left The information is logically presented with an air of joyous discovery Imagine coming upon Regular Irregularities and Irregular Irregularities And some captions evoke operatic arias Unfaithful Cognates Unvarying Feminines U What makes this book rare and wonderful is the focus on semantics The author takes you on a guided tour of syntax and grammar and points out the relationship between structure and meaning This kind of analysis usually is the preserve of hard-core linguists And the author presents the clearest exposition of sequence of tenses that I can recall fS-eeO We could have used a Spanish equivalent of this book when Cuba became an important target right after the missile crisis There were very few Spanish linguists on board then and even fewer lexicons and other 86-36 language aids in Spanish We made do at first with experienced French and Italian linguists ······lfALIAN FOR EDUCATED GUESSERS who shared the few Spanish grammars and Sh6rtt uts to the Language by C Peter Rosenused French and Italian dictionaries These baum M'l ' Forza Press Menlo Park CA 1985 linguists were able to walk in on the structure $12 00 PCl1l2 R6 and fortunately most were also cryptolinguists and so were usually successful in finding an Reviewedbyl ---ll P16 appropriate rendering by on-the-hoof bookbreaking But translating at one remove to-eeo A fun book on language with short related language is fraught with peril from a cuts for educated guessers That's for us the False friends abound between related linguists at NSA With this book and a languages A special usefulness of this book is conventional grammar an experienced the tidy lists with explications of faithful operational linguist or cryptolinguist can slide quasi and unfaithful cognates into Italian from French or Spanish or make the leap from long-forgotten Latin U Dr Rosenbaum a professor of psychiatry who claims not to be a linguist modestly U It's an unusual size for a language book his labor of love as a supplement to a assesses 81 2- xU- x5 8- with an appealing cover that standard grammar for persons who have invites you to pick up the book and peruse it completed one semester of college Italian and As you open it you notice that it has an suggests that it might be particularly useful attractive layout and a good hand -- creamcolor high-quality paper that is erasable which for people who will be spending time in Italy By the time you've worked through two funis a good thing as it is a workbook Margins filled ch pters you find yourself planning a trip are wide and there's room for notes in the to Italy Just to tryout your do-it-yourself well-spaced text But it is also a readable book Italian 0 that you can curl up with And chortle over Drawing from Chapler 5 Verbs and Their Families A Firsl Approximation Aug-Sep 1986 • CHYPTOLOG • page 30 SI CIUiT IIf WJJf' qA COMI rT CHA HfELS O fLY DOCID 4019706 eONF'IDSN'fIAL To the Editor 0-000 The ODYSSEY CAMS article MayJul 1986 is both fascinating and scary The success of this procedure is obviously directly dependent upon the quality of the original data base Therefore it behooves the prospective user to either clean up the data base interactively first or to make sure that the data loss occasioned by this procedure is acceptable Users who do neither should not be surprised if the cryptosystem doesn't read when it should o E To the Editor FODO One purpose of CRYPTOLOG is to stimulate controversy On that basis alone the article on ODYSSEY CAMS May-Jul 1986 was worth publishing Is there anyone out there critical enough and' aware enough of its shortcomings to critique the process C-CCO Also I consider dubious a process which does not include an interactive editing earl in the game It would be interesting to get the reactions of the cryptanalysts who use ODYSSEY CAMS -----------J 'A Retiring Cryptanalyst'L - EO 1 4 c P L 86-36 EO 1 4 c P L 86-36 Aug-Sep 1986 IIA mLg CRYPTOLOG page 31 eONF'IDEN'f'IAL VIA COMnrT CHAPUrgL8 O rL y DOCID 4019706 SBGR ST There is no question that automation 0 000 Certainly any data base should be But it seems to this quickly scanned for identifiable exploitable is the way to go cryptanalyst that some of the procedures should items which could be extracted at once But be carefully evaluated before ODYSSEY CAMS there must always be provision for extensive cryptanalysis on resistant systems and for becomes the universal processing method Instead the designers should work with diagnosis even in a paperless environment analysts in the operational areas to evaluate This might mean making many printouts or individual needs and to develop better initial even resorting to cross-section paper' and consulting the the original raw traffic processing procedures r-------------------- Conversely cryptanalysts who have worked exclusively in a paper-and-pencil mode should try mechanizing some of their efforts O-CCO An Old Timer' EO 1 4 c P L 86-36 To the Editor 8 000 I believe that Mr Hopper's idea for organizing a workforce for C3 analysis May-Jul 86 is rie-ht on tare-et I I Ip0411 _ _ - J P L EO 1 4 c P L 86-36 Aug-Sep 1986 • CRYPTOLOG page 32 ECRET IhUfBbB VIA GOMli VP GIlA1 fi fJiJbS 01 FbY 86-36 DOCID EO 1 4 c F L 86-36 4019706 CO FIDHH IAL Aug-Sep 1986 IIA mL 8 CRYPTOLOG page cor Pln r 'f'IAL VIA OOP YWF OIIA H 8LS OnLY 33 no COt 'f'RAC'f' - DOCID 4019706 I h · 6 P 86-36 eONI IDEN'f'IAL I I_ _-------JI e r Ii'If I Irf'f'IAL • lIveeo • rr o eOr 'f'ftAC'f' P L 86-36 T e 9U8wiRg leUeF is elsssilief1 P O gO iN ils t ftti ety To the Edi tor A short time ago I received a telephone call from an exasperated analyst in the CIA She was interested in a report which had just been issued by NSA but after several calls to Band G Group personnel she had been unable to locate the author or even the organization to which the author was assigned The subject of the report touched on the problem which I work and so she had been directed to me for assistance Her description of the rp1Jort revealed that it was a G Group product After answering some of the analyst's questions and giving her references to two additional reports one a CIA product she had not seen pertaining to the subject in which she was interested I contacted HAnDLB lIU Aug-Sep 1986 CRYPTOLOG page 34 eO PID8Nq'Lto L GOMH'f'F GHAP fBJsg O fJs y l fO GO fTRAGT 4019706 G05 and eventually got the name and telephone number of the author for her 1i It 'li ' 'r- c ' - '---'- ' ' ' - - -- From the Editor In all it took the CIA analyst and me seven telephone calls and perhaps a couple of hours to locate the author All that time and effort IN ANSWER TO YOUR QUESTIONS could have been saved by the simple procedure of including the author's name and telephone § There are still two general classified number on the report periodicals being published in the Agency In 1978 I published an article in CRYPrOLOG CRYPTOLOG the one you are reading now is calling for by-lines listing authors' names and an informal monthly bimonthly since the cuts sponsored by DDO and published under the telephone numbers on NSA reports something that sister agencies commonly do I suggested auspices of PI for analysts in or concerned It superseded four with Operations that analysts naturally will do their very best if they know their names will appear on their publications KEYWORD DRAGON SEED QRL and COMMAND The CRYPTOLOGIC product and that the psychic income of seeing one's name attached to one's work is no small QUARTERLY CQ published by T54 is a formal Agency-wide vehicle for technical articles incentive to excellence in all disciplines It superseded two publicaA senior official responded that by-lines are not tions ' The NSA Technical Journal and The acceptable because of the need to maintain Cryptologic SPECTR UM The editor of CQ is anonymity and because two or more analystsl ---Jtr541 SAIL2 l oor 3 972-2355 often contribute to a report My view is that P L 86- 3 6 anonymity can be a means of avoiding § Results of the Readers' Survey will be responsibility and that there generally is published in the next issue We're allowing enough blank space preceding a report for the time for responses from the field names of more than one analyst At any rate nothing was done However recent incident I referred to is common demonstrates again the need to reconsider lines to make it easier for our internal external customers to get back to originators the and byand the While I believe that by-lines is the best answer at the very least we should list a telephone number and the issuing organization's designator where a customer can contact the author That simple procedure could save hours of unnecessary searching every year P L 86-36 More on OUT OF MY DEPTH #4 next time Some readers wanted more of a challenge so we obliged But it's much too difficult § § will Beginning with this issue CRYPrOLOG be the new standard size 8t x 11 ··· Readers are invited to comment on letters · and articles published in CRYPTOLOG and • •••••••••••••••••••••••••••••• · on other subjects of general interest CH YPTOLOG page 35 POlt OFTI6IAL USE ONbY Aug-Sep 1986 II • • • • • • • • • • • • • • • DOCIO 4019706 P L 86-36 A PRIVATE GERMAN CIi ER O ' Contributed by 1 204 WW I FELD POST HORNIST MART WIRTH 7 INF REGT 3 KOMP 1 ERS BATL BAYREUTH STAMMBACH DEN 24 MAl 1915 632B29 l19T3S B3S G2ST29S G18Z G5T 71CH H15S2G2K4772S S38D V48 N252719KT B3S H237 2 K6SS2 G2F1H928 B38 H25T2 G1SZ A5FG292GT 61SS2 92CHT B16D 2TWlS V48 D39 H4928 4D29 K4772 S26BST 84CH 238716 H237 73T H29Z63CH28 G9B D2382 T9252 1881 HABE HEUTE DEINE UHR SEBST MIT ZUM Allgo-Scp 198r UHRMACHER GEBRACHT CHYP' 'OLOG page 36 l'OIl OI'FIGIJ b USB ONLY DOCID 4019706 From ABSCENDER HORNIST WIRTH I ERSCATZ BATCAI L LION 7 R E G IMEN T 3 KOMP ANIE BAYREUTH FELD POST AN FRAU ANNA WIRTH IN STAMMBACH Hs No 83 DBF BAYREUTH DEN 23 1 1915 532B2 1881 D238 W29T2S KI9TCH28 73T F925D2 29HI5T28 B23 58S 3ST D1SV2TT29 S2H9 SCH48 D32 BG5 72WlSS28 HlB2 3CH H25T2 F29T3G G271CHT 2S G95SST D3CH B2ST28S D238 G32B29 7188 719T38 Aug-Sep 1986 CI YPTOLOG FOR OI I CIAL page 37 Ji O LY DOCID SEC-j' 401 J 06 KCI c 'l'IIIS Bee l H IBN'I' eON'I'AINS eOBHnrOR B l'dA'fHRlAtJ 5EeREl- r 1t tt 1 d g M l --