If the algorithm becomes known at this stage in the game, they can probably "easily" generate a modified SKIPJACK algorithm (changing the S-boxes or equivalent), a new family key, and a subtle variation on key generation. They might not even need to re-spin the chip design if, as they claimed, the critical parts of the algorithm are programmed into the chip after fabrication. Of course, we now know that changing the DES S-boxes isn't necessarily easy. Without knowing the details of Skipjack, we can't even start to evaluate it. BTW, my guess at the most likely back door is that the unit keys will be generated as a cryptographic function of the serial number and a *small* random number generated for each chip and unknown to the agency. They would have to search a mere 2**16..2**32 keys once they get the serial number out of the LEEF. The existance of such a backdoor would be difficult to prove, since there would be no visible evidence for it in the individual chips. It is also difficult to disprove such a theory because the clipper key generation algorithms are classified. The review committee will be looking at the key generation mechanism, according to Steve Kent. Not as good as publishing it, of course, and -- if they're honest -- there would seem to be a lot less reason to keep it secret than there is for Skipjack. (I don't like Skipjack being secret, but at least the ostensible reason is quite sensible, given their motivations.) A useful exercise for this group might be to compile a list of questions that they *should* answer if they're playing it straight. These could be forwarded to the review committee, too. If we come up with a good list, I'm willing to submit it to them. For that matter, I'll submit it to one of the gentleman from NSA who gave the Clipper presentation at Bell Labs. (But I won't bother sending in ``when did you stop beating your spousal equivalent unit'' questions; there's no point to doing that in this venue.) Question 1: What is the unit key generation algorithm? If it is classified, justify the decision with reasoning at least as persuasive as the reason Skipjack is classified. Question 2: Ditto for the device serial number. Any more?