Re: The Fortezza random number generator is not trustworthy
>Date: Tue, 26 Sep 1995 14:56:54 -0700
>From: Eric Blossom <[email protected]>
>
>I was under the impression that a seed for the RNG is loaded into the
>Fortezza at initialization time. This would make me think that they
>are using a cryptographically strong PRNG. This would give data that
>appears random, but is completely determined by the initial state.
>
>I suspect that the "seed keys" provided by the two agencies used to
>program the Clipper chips have the same properties. This makes the
>question about how does the NSA get access to the key escrow database
>moot. They don't need access. They know a priori all the unit keys.
My favorite Clipper master key generation algorithm, in the sacrificial
laptop in the Mykotronix vault, is:
\[ K(n) = H_1(R_1, R_2, n) = H_2( n ) \]
where $H_2$ is a damned good one-way function, as highly classified as
DERD's original description of the PRNG in the chip programming process
indicated, $n$ is the chip's serial number, $R_1$ and $R_2$ are the ranno
seeds provided by NIST and Treasury folks and $K(n)$ is the master key for
chip $n$.
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison [email protected] http://www.clark.net/pub/cme |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 |
| ``Officer, officer, arrest that man! He's whistling a dirty song.'' |
+---------------------------------------------- Jean Ellison (aka Mother) -+
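The point of the formula above, as an added sketch that is not part of the original message: two key generators with the same interface, one whose output depends on $R_1$ and $R_2$ and one that ignores them, plus the check an auditor would need to tell them apart. HMAC-SHA256, the 80-bit output length, the constructed secret and seeds, and all function names are assumptions of this example; the real $H_1$ and $H_2$ are not on the page.

```python
import hashlib
import hmac

KEY_LEN = 10  # 80-bit output; the length is an assumption of this sketch

# Constructed sample inputs, not real seeds or serial numbers.
R1 = b"constructed-seed-from-agency-1"
R2 = b"constructed-seed-from-agency-2"
SERIALS = list(range(1, 65))


def honest_keygen(r1: bytes, r2: bytes, n: int) -> bytes:
    """K(n) that really depends on both seeds (length-prefixed, then HMAC)."""
    seed = len(r1).to_bytes(2, "big") + r1 + len(r2).to_bytes(2, "big") + r2
    return hmac.new(seed, n.to_bytes(8, "big"), hashlib.sha256).digest()[:KEY_LEN]


def rigged_keygen(r1: bytes, r2: bytes, n: int) -> bytes:
    """Same interface, but H_1(R_1, R_2, n) = H_2(n): the seeds are ignored."""
    secret = b"constructed-designer-secret"  # stand-in for the unknown H_2
    return hmac.new(secret, n.to_bytes(8, "big"), hashlib.sha256).digest()[:KEY_LEN]


def looks_fine(keygen, serials, r1, r2) -> bool:
    """All that one programming session shows: distinct, repeatable keys."""
    keys = [keygen(r1, r2, n) for n in serials]
    again = [keygen(r1, r2, n) for n in serials]
    return keys == again and len(set(keys)) == len(keys)


def seed_sensitive(keygen, serials, r1, r2) -> bool:
    """Audit check: flipping one bit of either seed must change every key."""
    base = [keygen(r1, r2, n) for n in serials]
    r1_alt = bytes([r1[0] ^ 1]) + r1[1:]
    r2_alt = bytes([r2[0] ^ 1]) + r2[1:]
    alt1 = [keygen(r1_alt, r2, n) for n in serials]
    alt2 = [keygen(r1, r2_alt, n) for n in serials]
    return (all(a != b for a, b in zip(base, alt1))
            and all(a != b for a, b in zip(base, alt2)))


if __name__ == "__main__":
    for name, gen in (("honest", honest_keygen), ("rigged", rigged_keygen)):
        print(name, "looks fine:", looks_fine(gen, SERIALS, R1, R2),
              "| seed-sensitive:", seed_sensitive(gen, SERIALS, R1, R2))
```

Both generators pass `looks_fine`; only re-running the generator with altered seeds, as `seed_sensitive` does, separates them.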