[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ames/clipper compromised?



	 The  words I also heard were, "If there's only even a  1%  chance 
	 that  Clipper has been compromised, the whole thing's  over.   We 
	 have to start from scratch."
   What does it mean to ``compromise'' Clipper?  The algorithm is known?

Yeah.. this doesn't completely add up unless (a) the source is lying
or (b) there's a "blatant" back door.

If the algorithm becomes known at this stage in the game, they can
probably "easily" generate a modified SKIPJACK algorithm (changing the
S-boxes or equivalent), a new family key, and a subtle variation on
key generation.  They might not even need to re-spin the chip design
if, as they claimed, the critical parts of the algorithm are
programmed into the chip after fabrication.

BTW, my guess at the most likely back door is that the unit keys will
be generated as a cryptographic function of the serial number and a
*small* random number generated for each chip and unknown to the
agency.  They would have to search a mere 2**16..2**32 keys once they
get the serial number out of the LEEF.  The existance of such a
backdoor would be difficult to prove, since there would be no visible
evidence for it in the individual chips.  It is also difficult to
disprove such a theory because the clipper key generation algorithms
are classified.

					- Bill