From: grendel@netaxs.com (Michael Handler)
Date: Thu, 19 May 94 18:35:32 PDT
To: cypherpunks@toad.com (Cypherpunks)
Subject: How trustworthy is *Skipjack*?
Message-ID: <199405200135.VAA23933@access.netaxs.com>
MIME-Version: 1.0
Content-Type: text


	It seems to me, that with the NSA being the devious bastards that
they are, might not just make the key escrow scheme the only weak point in
the Clipper encryption system. The escrow scheme (supposedly) allows
only legal wiretaps, as you need a warrant or wiretap order in able to
obtain the escrowed key parts.

	HOWEVER: The NSA known to be damn secretive about what exactly it
is doing and investigating. If they were snooping on something, especially
something they're not supposed to be involved in (domestic surveillance,
for instance), they wouldn't want to go to the trouble of legally
obtaining a wiretap order. They take so long, and there's always the
trouble of that potentially incriminating paperwork...

	In short, is it possible that the NSA built in a backdoor to
Skipjack so they can stay ahead of the game like they used to in the
pre-Clipper days?

	Also, at the risk of starting a "computing power increases vs.
difficulty of factoring vs. potential cost" flamewar: Is it possible that
the NSA can brute force Skipjack? _Applied Crypto_ says that Skipjack only
has an 80-bit key. How easily could the NSA break an 80-bit key?

-- 
==========================================================================
|  Michael Brandt Handler  |  Philadelphia, PA  |  <grendel@netaxs.com>  |
|        PGP 2.3a public key available via server / mail / finger        |
==========================================================================