From: Matt Thomlinson <phantom@u.washington.edu>
To: cypherpunks@toad.com
Message Hash: 32d6e20d762cbeadd6453628858d3bbb668db10a0aa97797bf446e67b2ac59bf
Message ID: <Pine.3.89.9403281007.A13914-0100000@stein3.u.washington.edu>
Reply To: N/A
UTC Datetime: 1994-03-28 18:16:54 UTC
Raw Date: Mon, 28 Mar 94 10:16:54 PST
Subject: Ames/clipper compromised?
MIME-Version: 1.0
Content-Type: text/plain

sommerfeld@orchard.medford.ma.us (Bill Sommerfeld):
>BTW, my guess at the most likely back door is that the unit keys will
>be generated as a cryptographic function of the serial number and a
>*small* random number generated for each chip and unknown to the
>agency. They would have to search a mere 2**16..2**32 keys once they
>get the serial number out of the LEEF. The existence of such a
>backdoor would be difficult to prove, since there would be no visible
>evidence for it in the individual chips. It is also difficult to
>disprove such a theory because the clipper key generation algorithms
>are classified.

I just read a paper that might apply to this type of backdoor; it was by
someone at RSA, with the title "..RSA's trapdoor can be broken". I'll
look the article up when I get home. Basically, it argued that the smaller
keyspace generation approach used above would be detectable.
I think it might be generally applicable. I'll look it up again.

mt

Matt Thomlinson Say no to the Wiretap Chip!
University of Washington, Seattle, Washington.
Internet: phantom@u.washington.edu phone: (206) 548-9804
PGP 2.2 key available via email or finger phantom@hardy.u.washington.edu
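
The reasoning in the quoted message, as an added example that is not part of the original post and is not Clipper's actual (classified) key generation: a toy derivation, assumed here to be SHA-256 over a serial number and a 16-bit per-chip seed, showing that the search cost is set by the seed size rather than by the 80-bit key length. The serial, the seed, the function names and the HMAC check value are all constructed for illustration.

```python
import hashlib
import hmac

SEED_BITS = 16   # low end of the 2**16..2**32 range in the quoted message
KEY_BYTES = 10   # 80-bit unit key


def derive_unit_key(serial: bytes, seed: int) -> bytes:
    """Toy derivation (assumption): key = SHA-256(serial || seed), truncated."""
    return hashlib.sha256(serial + seed.to_bytes(4, "big")).digest()[:KEY_BYTES]


def key_check(key: bytes) -> bytes:
    """Stand-in for any observable value that depends on the unit key."""
    return hmac.new(key, b"known-header", hashlib.sha256).digest()[:8]


def recover_seed(serial: bytes, observed: bytes, seed_bits: int = SEED_BITS):
    """Walk the whole seed space; return (seed, key, trials) or None."""
    for trials, seed in enumerate(range(1 << seed_bits), start=1):
        key = derive_unit_key(serial, seed)
        if hmac.compare_digest(key_check(key), observed):
            return seed, key, trials
    return None


def effective_bits(key_bytes: int, seed_bits: int) -> int:
    """Work factor for a party who knows the derivation and the serial."""
    return min(key_bytes * 8, seed_bits)


if __name__ == "__main__":
    serial = b"SN-0001"     # constructed sample serial number
    secret_seed = 0xBEEF    # constructed per-chip random value
    unit_key = derive_unit_key(serial, secret_seed)

    seed, key, trials = recover_seed(serial, key_check(unit_key))
    print(f"nominal key length : {KEY_BYTES * 8} bits")
    print(f"effective strength : {effective_bits(KEY_BYTES, SEED_BITS)} bits")
    print(f"seed found after   : {trials} trials, key match = {key == unit_key}")
```

A review of any key-generation scheme therefore has to measure the entropy of the generator's inputs, since the output key looks equally random at any seed size.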