From: Sean Roach <roach_s@alph.swosu.edu>
Date: Sun, 23 Feb 1997 21:10:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Clipper article in  Cu Digest, #9.10, Wed 20 Feb 97
Message-ID: <199702240510.VAA28286@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:16 AM 2/21/97 -0800, Bill Stewart forewarded:
>CUD is available at  URL: http://www.soci.niu.edu/~cudigest/
>Here are some excerpts:
...
>>  The Defense Department plans to remove the government key escrow
>>  software from its Fortezza cards used on the Defense Message System, a
>>  move that signals the death of the Clinton administration's
>>  controversial Clipper initiative and one that should encourage
>>  civilian use of the cryptographic cards.
>>
>>  A DOD spokeswoman confirmed the decision to remove the key escrow but
>>  would not provide further details.
>>
>>  The DOD decision, which will be formalized in a policy expected out
>>  shortly, is in response to the administration's decision last October
>>  to support key recovery technology instead of the controversial
>>  Clipper initiative. Each agency must decide how it will implement the
>>  government's policy internally. A technical advisory committee will
>>  develop standards for a federal key management infrastructure.
>...
>>  DOD has for years pressured civilian agencies to use government escrow
>>  technology, but the agencies were wary of the law enforcement access.
>>  Stephen Walker, president and chief executive officer of Trusted
>>  Information Systems Inc. (TIS), said the policy will remove the last
>>  remnants of the Clipper and serve as an official endorsement of key
>>  recovery technology.
...
So instead of all of the keys being stored in some guarded vault, the parent
key which each chip uses to encrypt part of the users key when transmitting
is kept in some guarded vault.
That way they get the key in some 10 messages unless you rotate often.

Or the keys are assigned according to some unusual system.  Assuming that
only 10,000,000 people were interested in the cards, then only 2^24 keys, or
16777216 keys need to be assigned.  An additional 100+ bits of "key" can be
thrown in, so long as the government has those, or can reconstruct them from
the others.
If you can only affect part of the key, can't a brute force attack get you,
knowing that certain random digits were always the same?
Of course this would become too obvious really soon, unless some elaborate
system were used to rotate the garbage.  such as having bits 2, 5, 9, 11,
12, 14, and 19 tell which of 128 different garbage sets to throw in.
Please correct me if this is unfounded.
Please inform me if I'm on the right track.
Please tell me that I'm just irrationally paranoid so I can get some help.