Path: cantaloupe.srv.cs.cmu.edu!crabapple.srv.cs.cmu.edu!bb3.andrew.cmu.edu!news.sei.cmu.edu!cis.ohio-state.edu!magnus.acs.ohio-state.edu!usenet.ins.cwru.edu!gatech!darwin.sura.net!haven.umd.edu!uunet!charon.cto.citicorp.com!charon.cto.citicorp.com!not-for-mail
From: philip@charon.cto.citicorp.com (Philip Gladstone)
Newsgroups: sci.crypt
Subject: More Clipper Stuff
Date: 16 Apr 1993 18:09:56 -0400
Organization: Citicorp
Lines: 15
Message-ID: <1qnark$4g8@charon.cto.citicorp.com>
NNTP-Posting-Host: charon.cto.citicorp.com
X-Newsreader: TIN [version 1.1 PL6]

As of yet, there has been no description of the general principles
behind the Clipper proposal. For example, is this a public key system
or a private key system? If the latter, then I don't see how the
system could work (given that the keys are tied to the device and
not the person).

Further, the escrowed 80-bit keys are split into two 40-bit chunks.
I would guess that the availability of one of these 40-bit chunks
and a reasonable key-search machine, would allow you to read the traffic.
I'm not suggesting that this is a deliberate weakness of the system,
but it does make you think. Of course, this is easily fixable by 
giving out two 80-bit chunks which could be x-ored to generate the 
real 80-bit key.

Philip
