From: Carl Ellison <cme@sw.stratus.com>
Date: Fri, 1 Apr 94 11:51:11 PST
To: jim@rand.org
Subject: Re: the rest of the key
Message-ID: <199404011950.OAA06524@galt.sw.stratus.com>
MIME-Version: 1.0
Content-Type: text/plain


>
>I understand the Skipjack review committee will be looking into the key
>generation process at Mykotronx also.  The procedures originally proposed
>for burning in the keys has some annoying flaws that have been pointed out
>frequently, like the existence of both halves in the same room at the same
>time, which would be a tempting target for somebody siphoning them off to
>a private single-site escrow. :)  Various people have suggested that the
>two halves of the key could be burned in at separate locations, so that the
>only place they're put together is in the key itself; this was not part of
>the proposal as we've seen it so far out here.
>

..but what of at least the original description which had the key generated
by a function within the sacrificial laptop (a PRNG driven by the two
key pieces supplied by the escrow agents)?

K_i = PRNG( E_1, E_2, i ) ;

If PRNG is secret (a high power NSA algorithm), it might be a *truly* high
quality one-way-function -- which happens to be independent of E_1 and E_2.

No one would be the wiser -- and the NSA's job would be a lot easier, in
the event that some chips get stolen or someone bombs the escrow center
and its backup sites.

 - Carl