Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!cmcl2!yale!husc6!mit-eddie!rutgers!princeton!allegra!ulysses!faline!karn
From: karn@faline.UUCP (Phil R. Karn)
Newsgroups: sci.crypt
Subject: Re: VC-II key distribution (was - This is *stupid*)
Message-ID: <272@faline.UUCP>
Date: Thu, 4-Dec-86 20:19:15 EST
Article-I.D.: faline.272
Posted: Thu Dec 4 20:19:15 1986
Date-Received: Sat, 6-Dec-86 21:44:53 EST
References: <12246@watnot.UUCP> <4725@yale-celray.yale.UUCP> <7277@gatech.EDU>
Distribution: net
Organization: Bell Communications Research, Inc
Lines: 23

> It just seems that if they are not using some sort of public key encryption
> to bootstrap into the DES then there is big hole out there. Your receiver is
> receiving a key somehow.

The primary/secondary key management scheme is designed to thwart exactly
this kind of attack. Yes, the keys your box needs to decrypt the audio ARE
sent over the satellite BUT they are themselves encrypted by a different,
"primary" DES key -- which is never sent over the air.

The primary keys (there are 4, of which one is active at any time) are
loaded into each Videocipher box as it is manufactured, and they sit in
registers on the DES chip. They cannot be read out through the device pins,
and dropping battery backup power to the chip destroys the key. As I said in
my last message, the security of Videocipher lies entirely in the physical
security of these primary keys; if you can figure out how to get them out of
the chip, you've broken the system.

Rumor also has it that the Videocipher scheme has a "remote destruct"
command which allows M/A-Com to tell a box to forget the primary keys; the
box then becomes useless until it is returned to the factory for key
reloading. Now consider a future Captain Midnight figuring out how to
trigger this function. What a concept.

Phil
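The two-level key scheme the post describes, modelled as an added example that is not part of the original post and is not Videocipher's actual implementation. Assumptions: an HMAC-SHA256 keystream stands in for DES, and the message layout, the slot-selection logic and the names `wrap`, `Box`, `zeroize` and `demo` are hypothetical.

```python
import hashlib
import hmac
import os

def _stream(kek: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in keystream (HMAC-SHA256); NOT DES and not the Videocipher algorithm.
    return hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()[:n]

def wrap(kek: bytes, secondary: bytes) -> bytes:
    """Broadcaster side: encrypt a secondary key under a primary key."""
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(secondary, _stream(kek, nonce, len(secondary))))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()[:8]
    return nonce + ct + tag  # assumed layout: nonce | wrapped key | integrity tag

class Box:
    """Receiver model: primary keys are held internally and never exported."""
    def __init__(self, primaries, active=0):
        self._primaries = [bytearray(k) for k in primaries]  # loaded at manufacture
        self._active = active                                # one slot active at a time

    def unwrap(self, msg: bytes):
        """Return the secondary key, or None if this box cannot recover it."""
        if not self._primaries:
            return None
        kek = bytes(self._primaries[self._active])
        nonce, ct, tag = msg[:8], msg[8:-8], msg[-8:]
        want = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, want):
            return None
        return bytes(a ^ b for a, b in zip(ct, _stream(kek, nonce, len(ct))))

    def zeroize(self):
        """Battery loss or the rumoured remote destruct: overwrite, then drop, the keys."""
        for key in self._primaries:
            key[:] = bytes(len(key))
        self._primaries = []

def demo():
    primaries = [os.urandom(8) for _ in range(4)]      # constructed sample keys
    box = Box(primaries, active=2)
    secondary = os.urandom(8)
    on_air = wrap(primaries[2], secondary)             # the only key material broadcast
    recovered = box.unwrap(on_air) == secondary
    outsider = Box([os.urandom(8) for _ in range(4)], active=2).unwrap(on_air)
    box.zeroize()
    return recovered, outsider, box.unwrap(on_air)     # (True, None, None)
```

A box holding the right primary key recovers the secondary key from the broadcast message; a box with different primaries, or one that has been zeroized, gets nothing from the same bytes.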