the rest of the key

Jim Gillogly jim at rand.org
Wed Mar 30 09:28:10 PST 1994



> I was just wondering.... If the NSA could get it's hands on half
> (40) of any particular clipper key, wouldn't that just leave 2^40
> to compute? Even with brute force, it's trivial  even next to DES.

No -- not like that, anyway.  The two halves are each 80-bit numbers
constructed from the key generation process, and the unit key is the XOR
of the two of them.  Having one doesn't give any information about the
key, if the key generation people are behaving honestly.  Obviously if
one of the halves is supplied by somebody sneaky they don't need the other
half; but the procedure as outlined by Denning would make this impossible
if Skipjack is as strong as she believes.

I understand the Skipjack review committee will be looking into the key
generation process at Mykotronx also.  The procedures originally proposed
for burning in the keys has some annoying flaws that have been pointed out
frequently, like the existence of both halves in the same room at the same
time, which would be a tempting target for somebody siphoning them off to
a private single-site escrow. :)  Various people have suggested that the
two halves of the key could be burned in at separate locations, so that the
only place they're put together is in the key itself; this was not part of
the proposal as we've seen it so far out here.

	Jim Gillogly
	Sterday, 8 Astron S.R. 1994, 17:25






More information about the cypherpunks-legacy mailing list