1994-06-03 - Re: Faster way to deescrow Clipper

Header Data

From: “Perry E. Metzger” <perry@imsi.com>
To: Mike Ingle <cypherpunks@toad.com
Message Hash: 0e6fd8f3b8f4c71aea43b7b5cf0b702e8cd32a5c7460e2769b1e7a5df29bda81
Message ID: <9406031255.AA03902@snark.imsi.com>
Reply To: <9406031157.AA03771@snark.imsi.com>
UTC Datetime: 1994-06-03 12:57:00 UTC
Raw Date: Fri, 3 Jun 94 05:57:00 PDT

Raw message

From: "Perry E. Metzger" <perry@imsi.com>
Date: Fri, 3 Jun 94 05:57:00 PDT
To: Mike Ingle <cypherpunks@toad.com
Subject: Re: Faster way to deescrow Clipper
In-Reply-To: <9406031157.AA03771@snark.imsi.com>
Message-ID: <9406031255.AA03902@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain



"Perry E. Metzger" says:
> 
> Mike Ingle says:
> > The attack posted here uses a brute-force search to find a phony LEAF
> > which has a valid checksum. Instead, why not just initialize the chip
> > with a session key and get the LEAF. Reset the chip and initialize it
> > with a different session key, but send the first LEAF instead of the
> > second one.
> 
> An interesting idea. 

As I've now found out (I forwarded the message to Matt -- his paper
wasn't clear on this point) this won't work. As I've said in other
messages, session keys are an element of the method used to generate
the checksum buried in the LEAF.

Perry





Thread