[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hack Lotus?

To: [email protected]
Subject: Re: Hack Lotus?
From: Jiri Baum <[email protected]>
Date: Sat, 20 Jan 1996 23:02:23 +1100 (EST)
Cc: [email protected], [email protected]
In-Reply-To: <[email protected]> from "Peter Trei" at Jan 19, 96 10:33:56 pm
Reply-To: [email protected]
Sender: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----

Hello "Peter Trei" <[email protected]>
  and <[email protected]>, [email protected], [email protected]
 
P.T. writes:
> > "Peter Trei" writes:
...
> > > If they're nasty, they'll check on the receiving side as well, to
...
> > Nearly impossible. Why? Because they can only include the public key,
...
> 1 Alice generates session key K
> 2 encrypts with Bob's public key, producing Epb(K)
> 3 extracts 24 bits of K to make K'
> 4 encrypts with Eve's (spy) public key, producing Epe(K')
...

Eeek! that gives 2^24 possible plaintext/ciphertext pairs. Trivial to brute.

3 should be:
  extracts 24 bits of K and concatenates it with H(K) to make K'
  where H is a strong one-way hash. 


Hope that makes sense...

Jiri
- --
If you want an answer, please mail to <[email protected]>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMQDZqCxV6mvvBgf5AQFrMgP/fE6wLHoJYZP6bI5Q29nuqvJNk5pR2WW9
L5URPg2Mc2HsGtjlyZYLEEpnCUAbWWgJ0cM/vHz/1VSApCLkeekZ73IhmEngijGc
HoHbl2krgVcKv3D6Rhlhoq4t5JgPbhU3hVpb2MiozxFmOBkZgzUYFC82Sk2leE5O
/P8lgTahzNE=
=mgkS
-----END PGP SIGNATURE-----

References:
- Re: Hack Lotus?
  - From: "Peter Trei" <[email protected]>

Prev by Date: Re: CryptoAPI and export question
Next by Date: [NOISE] FIG_newt/on CIA
Prev by thread: Re: Hack Lotus?
Next by thread: Re: Hack Lotus?
Index(es):
- Date
- Thread