Finally, I turned back to the desk. I was forced to conclude that the X9.17 standard, approved by the American Bankers Association in 1985, re-affirmed by the same group in 1991, and recommended by NIST in 1992 for all government key exchange, was completely vulnerable to impersonations of one member institution by another member institution. There is little point in the banks using separate key-encrypting keys because any bank can impersonate any other bank; they might as well all be sharing a single key.
The protocol completely fails to satisfy requirements 4-6 and 9, as laid out on page 12 of the standard. Those requirements state:
- (4)
- A data key or key-encrypting key shared between a communicating pair shall not be disclosed to a third party (except for a Key Translation Center (CKT) or a Key Distribution Center (CKD)).
- (5)
- A data key shared between a communicating pair shall be secured from third party usage (except for a CKD or CKT).
- (6)
- The compromise of any key shared between any communicating pair shall not compromise any third party.
- (9)
- Key security and integrity shall be ensured.
None of these hold! Not a single one. The standard fails to meet four of the sixteen objectives clearly laid out on page 12. How could such a grievous oversight occur in such an important standard? Trillions of dollars were distributed every day by EFT. CHIPS alone handles well over 150,000 messages every day. The CHIPS network spans the globe and includes all of the major banks.
Nevermind all that, who was the millwright? If I was right in assuming that the millwright was able to obtain a primary key-encrypting key because he was a privileged employee of one of the banks, that limited the number of people somewhat. But only somewhat. He might be working for any one of the several thousand banks in the network. If he was a privileged employee of a bank, regardless of whether he was acting alone or on behalf of a corrupt bank, he was likely very knowledgeable in the mechanics of funds transfers. Far more so than I was, for example. Could it be that the millwright already knew we were tracking him? Might he be watching my every move from afar? I shook off a feeling of being watched. It was an absurd thought. Somewhat annoyed with myself, I crossed the room and lifted the phone and began punching in Lisa’s number — a number I’d long since memorized but never bothered to store in the phone’s memory. But after only one ring I abruptly hung up, having suddenly decided that it might be better to tell her in person than over the phone. I knew all too well that phones were not secure from nosy people, especially nosy people with an interest in noting any progress in my detective work. In other words, I hadn’t succeeded in ridding the feeling of paranoia.
Grabbing my wallet off the kitchen table, I glanced at the clock above the dishwasher and headed for the door. Hmmm, 11:45. It would be 12:30 by the time I got all the way over to Lisa’s place. I wondered if our friendship was close enough to allow for an unannounced visit at that hour. Then I wondered if any friendship is close enough to allow for such an intrusion (excluding friendships that are no longer referred to as merely friendships). I decided I’d better take the opportunity to catch up on eating and sleeping and visit Lisa in the morning. No good. She would be at work (shehad a real job). Reluctantly I realized I would have to take this discovery straight to the FBI. Still, it would have to wait until morning.