Re: Lotus Notes 24-bit sellout

[jim bell <jimbell@pacifier.com>]

At 09:21 AM 4/12/96 -0700, Jerry Whiting wrote:
>
>When Ray Ozzie announced the work reduction sellout at the RSA conference, 
>both he and Ms Denning (whom I spoke with about it later) mentioned that 
>there was something else in Lotus Notes 4 besides the 40+24 bit compromise.
>
>My thought is that the NSA gave them something else in exchange for the 
>mandatory escrow scheme they're all talking about publicly.  Perhaps some 
>other crypto code the NSA had lying around unused.
>
>So looking for a common 24-bit subkey may reduce Notes' key to a 40-bit 
>brute force exercise but the 40+24 is probably not ALL that's in Notes 4.
>
>Definitely a deal with the Devil.  Given that we're talking about IBM, not 
>Lotus none of this surprises me given IBM's Lucifer/DES history with spook 
>input years ago.  Then again to be fair, I don't know if the 40+24 deal 
>was cooked up before or after the IBM/Lotus merger.

What about the following idea, which I think might have been indirectly 
discussed a few months ago.  Let's suppose "you" agreed with the NSA to 
limit their effort to 40 bits, and put 24 bits at the beginning of the file. 
 The code to do this could be separated and highlighted and identified 
publicly, and a software patch could be engineered by somebody to NOP this 
stretch of code to death.  The result is that those 24-bits simply don't 
appear; you've already gotten the export license.  The NSA doesn't have any 
real reason to complain:  _ANY_ program can be modified by suitably changing 
object code bit patterns. An even smaller change would be to put the number 
of bits to expose ("24") in a byte value ("00011000"), one that will be 
zeroed by a patch later on.

I guess I'm not really suggesting this; I think that even appearing to come 
to some arrangement with the NSA is wrong.  However, it would be an 
excellent way to give the finger to the NSA, because there is no way that 
they can ensure that a given program is "finagle-proof."