[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hack Lotus?



-----BEGIN PGP SIGNED MESSAGE-----

Hello [email protected]
  and [email protected] (David A Wagner)
 
...
> Hack Lotus?  Please do.
...
> If the receiving Lotus Notes program does verify that the high 24 bits
> are escrowed correctly, then anyone can verify that, so in 2^24 trials,
> I can recover the high 24 bits, and with 2^40 more trials, I can recover
> the high 40 bits.  Therefore 2^40 + 2^24 trials should suffice to hack
> Lotus if this is how it works.
...


I have no idea how Lotus actually does this, but:

How about a salt determined by the forty bit part?

Ie if the key is s.g (s=secret, g=gaked), the BARF (="Big-brother Access
Required Field") could contain Encrypt(Hash(s).g,BigBrother).

The receiving end, knowing both s and g, could re-calculate the
BARF and only function when it's correct. Unless it's been hacked too,
in which case it could barf when the BARF is correct :-)


Would that work or have I missed something? As I said, I've no idea
what Lotus actually does.


Jiri
- --
If you want an answer, please mail to <[email protected]>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMP81zCxV6mvvBgf5AQGcZgP+PZyX+uZsHcG/RM29onq8d7FB402nHiqM
QgZi6dXb7AkilYrw0YGt1fDDzi1W7+0bufmX2sa02r6Yh/MkJ8Lw+O/WHYau5eDP
XC91pTFQHAYlvi9zNIKoclh1x2Z3dDUkly5yBA3nAhDuY2tcteop8nPLewA49qm5
H61a7l3o+Ys=
=Prxc
-----END PGP SIGNATURE-----