[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Lotus Notes
At 20:02 1/23/96, [email protected] wrote:
[...]
>Now, I'm very interested in whether they thought about this as a
>potential problem, and thus padded their LEAF intelligently, or left
>themselves vulnerable to a dictionary-style attack on the LEAF.
>This translates, roughly, to "was someone with a basic understanding
>of cryptography involved in this design?" Clearly, IBM has some
>really good people, and I suspect Lotus did/does, as well. But were
>they involved enough in the implementation to ensure that this was
>done intelligently?
You are assuming that they *want* the hole to be unpatchable. I see no
reason why they should. "We tried out best, but these darn hackers found a
way to enable full 64 bits. Sorry, but we tried." Perhaps the most
intelligent thing to do was to keep the GAK subject to a simple patch.
-- Lucky Green <mailto:[email protected]>
PGP encrypted mail preferred.