I was just wondering.... If the NSA could get it's hands on half (40) of any particular clipper key, wouldn't that just leave 2^40 to compute? Even with brute force, it's trivial even next to DES.
No -- not like that, anyway. The two halves are each 80-bit numbers constructed from the key generation process, and the unit key is the XOR of the two of them. Having one doesn't give any information about the key, if the key generation people are behaving honestly. Obviously if one of the halves is supplied by somebody sneaky they don't need the other half; but the procedure as outlined by Denning would make this impossible if Skipjack is as strong as she believes. I understand the Skipjack review committee will be looking into the key generation process at Mykotronx also. The procedures originally proposed for burning in the keys has some annoying flaws that have been pointed out frequently, like the existence of both halves in the same room at the same time, which would be a tempting target for somebody siphoning them off to a private single-site escrow. :) Various people have suggested that the two halves of the key could be burned in at separate locations, so that the only place they're put together is in the key itself; this was not part of the proposal as we've seen it so far out here. Jim Gillogly Sterday, 8 Astron S.R. 1994, 17:25