Ames/clipper compromised?
Matt Thomlinson
phantom at u.washington.edu
Mon Mar 28 10:16:54 PST 1994
sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) :
>BTW, my guess at the most likely back door is that the unit keys will
>be generated as a cryptographic function of the serial number and a
>*small* random number generated for each chip and unknown to the
>agency. They would have to search a mere 2**16..2**32 keys once they
>get the serial number out of the LEEF. The existance of such a
>backdoor would be difficult to prove, since there would be no visible
>evidence for it in the individual chips. It is also difficult to
>disprove such a theory because the clipper key generation algorithms
>are classified.
I just read a paper that might apply to this type of backdoor; it was by
someone at RSA, with the title "..RSA's trapdoor can be broken". I'll
look the article up when I get home. Basically, it argued that the smaller
keyspace generation approach used above would be detectable.
I think it might be generally applicable. I'll look it up again.
mt
Matt Thomlinson Say no to the Wiretap Chip!
University of Washington, Seattle, Washington.
Internet: phantom at u.washington.edu phone: (206) 548-9804
PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu
More information about the cypherpunks-legacy
mailing list