1994-03-28 - Re: Ames/clipper compromised?

Header Data

From: sommerfeld@orchard.medford.ma.us (Bill Sommerfeld)
To: smb@research.att.com
Message Hash: 8f77b1a85c53ab27d12b7e63001ff2fe04c6d75f6b46c5ef4b31f4f92cdc42e5
Message ID: <199403281617.LAA00278@orchard.medford.ma.us>
Reply To: <9403281448.AA14338@toad.com>
UTC Datetime: 1994-03-28 16:20:41 UTC
Raw Date: Mon, 28 Mar 94 08:20:41 PST

Raw message

From: sommerfeld@orchard.medford.ma.us (Bill Sommerfeld)
Date: Mon, 28 Mar 94 08:20:41 PST
To: smb@research.att.com
Subject: Re: Ames/clipper compromised?
In-Reply-To: <9403281448.AA14338@toad.com>
Message-ID: <199403281617.LAA00278@orchard.medford.ma.us>
MIME-Version: 1.0
Content-Type: text/plain


	 The  words I also heard were, "If there's only even a  1%  chance 
	 that  Clipper has been compromised, the whole thing's  over.   We 
	 have to start from scratch."
   What does it mean to ``compromise'' Clipper?  The algorithm is known?

Yeah.. this doesn't completely add up unless (a) the source is lying
or (b) there's a "blatant" back door.

If the algorithm becomes known at this stage in the game, they can
probably "easily" generate a modified SKIPJACK algorithm (changing the
S-boxes or equivalent), a new family key, and a subtle variation on
key generation.  They might not even need to re-spin the chip design
if, as they claimed, the critical parts of the algorithm are
programmed into the chip after fabrication.

BTW, my guess at the most likely back door is that the unit keys will
be generated as a cryptographic function of the serial number and a
*small* random number generated for each chip and unknown to the
agency.  They would have to search a mere 2**16..2**32 keys once they
get the serial number out of the LEEF.  The existance of such a
backdoor would be difficult to prove, since there would be no visible
evidence for it in the individual chips.  It is also difficult to
disprove such a theory because the clipper key generation algorithms
are classified.

					- Bill









Thread