Mike Ingle says:
> The attack posted here uses a brute-force search to find a phony LEAF which has a valid checksum. Instead, why not just initialize the chip with a session key and get the LEAF. Reset the chip and initialize it with a different session key, but send the first LEAF instead of the second one.
An interesting idea.
> The LEAF would look good unless you tried to decrypt the session key. The wrong-IV problem would remain. The NSA should have designed the Clipper so that, if the IV was wrong, the chips would not accept the LEAF.
That can't be done, I'm afraid. It's way too difficult to distinguish a bad IV from line noise nuking the first block of your CBC conversation.
> They also should have used a much larger (32-bit or even 64-bit) checksum.
Matt suggests precisely that in his paper.
Perry
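To make the checksum-size point concrete, here is a toy model of the receiving chip's LEAF check, added as an illustration and not code from this thread or from Blaze's paper. The checksum function, the family key and the sample session key and IV are all constructed stand-ins (the real Clipper checksum is classified); the only property the model relies on is that a random candidate passes a t-bit check with probability 2^-t, which is what makes a 16-bit field searchable and a 32- or 64-bit field not.

```python
import hashlib
import hmac
import random

# Constructed stand-in for the family key every chip shares; not a real Clipper value.
FAMILY_KEY = b"constructed-family-key"
CLIPPER_CHECKSUM_BITS = 16  # the size of the LEAF checksum field the thread objects to


def leaf_checksum(session_key: bytes, iv: bytes, bits: int) -> int:
    """Toy checksum over the session key and IV, truncated to `bits` bits.

    Assumption for the model only, not the real Clipper function; what matters
    is that an unrelated candidate matches with probability 2**-bits.
    """
    tag = hmac.new(FAMILY_KEY, session_key + iv, hashlib.sha256).digest()
    return int.from_bytes(tag[:8], "big") & ((1 << bits) - 1)


def receiver_accepts(presented_checksum: int, session_key: bytes, iv: bytes, bits: int) -> bool:
    """The receiving chip's only check: recompute the checksum from its own
    session key and IV and compare it with the one carried in the LEAF."""
    return presented_checksum == leaf_checksum(session_key, iv, bits)


def random_leaf_search(session_key, iv, bits, seed=0, max_trials=None):
    """Feed random LEAF candidates to the receiver until one is accepted.

    Decrypting a random LEAF under the family key yields a random checksum
    field, so guessing the checksum directly models the search in the thread.
    Returns (trials, checksum), or None once max_trials is exhausted.
    """
    rng = random.Random(seed)  # seeded so a run is reproducible
    trials = 0
    while max_trials is None or trials < max_trials:
        trials += 1
        guess = rng.getrandbits(bits)
        if receiver_accepts(guess, session_key, iv, bits):
            return trials, guess
    return None


def expected_trials(bits: int) -> int:
    """Mean number of random candidates needed to pass a `bits`-bit checksum."""
    return 2 ** bits


def search_success_probability(bits: int, trials: int) -> float:
    """Chance that `trials` random candidates include at least one accepted LEAF."""
    return 1.0 - (1.0 - 2.0 ** -bits) ** trials


if __name__ == "__main__":
    key, iv = b"session-key-1-80bit", b"iv-00000"  # constructed sample values
    trials, _ = random_leaf_search(key, iv, CLIPPER_CHECKSUM_BITS)
    print("16-bit checksum: phony LEAF accepted after", trials, "random candidates")
    for bits in (16, 32, 64):
        print(f"{bits}-bit checksum: expected trials {expected_trials(bits)}")
```

Running it shows a 16-bit field falling to a few tens of thousands of random candidates, while the same search against a 32-bit field needs on the order of four billion and a 64-bit field is out of reach.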