Date: Tue, 26 Sep 1995 14:56:54 -0700 From: Eric Blossom <eb@comsec.com>
I was under the impression that a seed for the RNG is loaded into the Fortezza at initialization time. This would make me think that they are using a cryptographically strong PRNG. This would give data that appears random, but is completely determined by the initial state.
I suspect that the "seed keys" provided by the two agencies used to program the Clipper chips has the same properties. This makes the question about how does the NSA get access to the key escrow database moot. They don't need access. They know a priori all the unit keys.
My favorite Clipper master key generation algorithm, in the sacrificial laptop in the Mykotronix vault, is: \[ K(n) = H_1(R_1, R_2, n) = H_2( n ) \] where $H_2$ is a damned good one-way function, as highly classified as DERD's original description of the PRNG in the chip programming process indicated, $n$ is the chip's serial number, $R_1$ and $R_2$ are the ranno seeds provided by NIST and Treasury folks and $K(n)$ is the master key for chip n. - Carl +--------------------------------------------------------------------------+ |Carl M. Ellison cme@acm.org http://www.clark.net/pub/cme | |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 | | ``Officer, officer, arrest that man! He's whistling a dirty song.'' | +---------------------------------------------- Jean Ellison (aka Mother) -+