Faking crypto chips for public algorithims is theoretically more difficult, because its simple to create a DES_verify routine to make sure your DES chip is working right. Its more difficult to near-impossible if the chip picks the key, as it must to avoid easy rouge implementations. If the rouge implementation can choose a key, then it can pre-calculate the appropriate checksum, and then simply tell the other unit "We're going to use this key." Thus, keys need to be chosen by the chip, making it tough to see if the chip is functioning properly. I suspect the NSA knew this. For more on rouges, see Matt Blaze's paper, on ftp.research.att.com/dist/mab/keyescrow or somesuch. jim bell wrote: | I noted long ago that one disadvantage with having a single, standardized | encryption chip (like Clipper, even with the key-escrow un-enabled) is that | the NSA has plenty of money in its budget to build a fake chip that can be | installed during a black-bag job. True, if they could fake one chip they | could fake 10, but it's harder to do and the demand for any single kind of | chip might drop to one per year. Unfortunately, a sufficiently-complex | FPLD would probably sub for anything if it were in the right package... | -- "It is seldom that liberty of any kind is lost all at once." -Hume