Date: Mon, 2 Aug 1993 13:52 EDT From: thug@phantom.com (Murdering Thug) To review: 1) The key escrow aspect is a wild goose chase. 2) The security of the algorithm is also a wild goose chase. 3) The backdoor must be in the chip hardware itself. Dr. Thug ignores the most obvious weakness, which is likely in the key generation process. By selecting the key from a relatively small keyspace (say 40 bit equivalent, rather than the 80 bit nominal keyspace) the cost of exhaustive search can be dramatically lowered to those who know the basis of key selection, without any outward evidence of tampering, weakness of the algorithm, weakness of the chip, vulnerability to external attacks, special hardware to respond to trapdoor codes, etc. Examining the chip hardware for correctness will not discover this attack. Only providing users with the ability to program their own keys, together with public disclosure of the Skipjack algorithm and verification of its implementation can help. If there are a significant number of weak keys in the Skipjack algorithm (which is explicitly denied in the panel report) then even this approach could be dangerous.