Key escrow two strings that when XORd regenerate the session master key

Note: Clipper chip

Slide Notes

For information about problems with the Clipper chip see:

Matt Blaze. "Protocol Failure in the Escrowed Encryption Standard." Proceedings of Second ACM Conference on Computer and Communications Security, Fairfax, VA, November 1994.

Transcript

[slide410] Well, instead of giving her key to one escrow agent, Alice takes the key, splits it apart, and makes two keys, gives them to escrow agent A and B, and now only if I recombine those keys do I have the session master key. So even if escrow agent A is completely corrupt, they could be bribed, so they hand out keys, unless the escrow agent B is also corrupt, no one can get the information they need to recover the key. This was introduced in an idea called the Clipper Chip, and Matt Blaze wrote a very interesting paper about this. This was an effort by the U.S. government long ago to say that you would have to make it such that if you're going to have encrypted communications, the government would be able to get the keys, and it was based on this idea of having two escrow agents, and you'd have to go and prove that you had a lawful court order for interception to both of them before you could get the information to get the key.