[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


    Date: Mon, 2 Aug 1993 13:52 EDT
    From: [email protected] (Murdering Thug)

    To review:  1) The key escrow aspect is a wild goose chase.
		2) The security of the algorithm is also a wild goose chase.
		3) The backdoor must be in the chip hardware itself.

Dr. Thug ignores the most obvious weakness, which is likely in the key
generation process.  By selecting the key from a relatively small
keyspace (say 40 bit equivalent, rather than the 80 bit nominal
keyspace) the cost of exhaustive search can be dramatically lowered to
those who know the basis of key selection, without any outward evidence
of tampering, weakness of the algorithm, weakness of the chip,
vulnerability to external attacks, special hardware to respond to
trapdoor codes, etc.

Examining the chip hardware for correctness will not discover this
attack.  Only providing users with the ability to program their own
keys, together with public disclosure of the Skipjack algorithm and
verification of its implementation can help.

If there are a significant number of weak keys in the Skipjack algorithm
(which is explicitly denied in the panel report) then even this approach
could be dangerous.