[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Hack Microsoft At Work Fax?

To: [email protected]
Subject: Hack Microsoft At Work Fax?
From: Bill Stewart <[email protected]>
Date: Wed, 27 Sep 1995 00:34:17 -0700
Sender: [email protected]

I've been helping a client install Microsoft Windows for Workgroups,
which comes with Microsoft At Work Fax.  The fax software, in addition
to doing normal stuff, lets you encrypt faxes with passwords or public-key
encryption for sending to other people who use the same software.
The manual has minimal technical information, so I don't know the algorithms
it uses; it mostly talks about what GUI buttons to push.  

I was hoping the section on taking your software overseas would say
something about
Export Laws and International Arms Traffickin' (and creatin' a disturbance...)
but all it said was how to set the international-direct-dialing phone codes
so you can get your fax to go where you want.  Because of that, I'm guessing 
it's something like RC4/40 and RSA-512 with some sort of user name as part of 
the public key field, but I'd like to know more, and I'm also guessing that 
they've got some sort of general export license permission from the Feds.

The public-key system uses a public key file with "154 computer-generated 
characters", and recommends exchanging public keys by floppy disk.  
I don't know if that's 154*8 bits, or 154*6 or *4, or if there's a user-name
string using up some of those characters; probably the latter since it's
probably 512 bits because of export.

I called the usually helpful Microsoft Technical Support phone number,
and they were friendly and will try to get back to me, but this is
way out of the scope of the kind of questions they're used to :-)
And the stuff I could find from the Web page or ftp.microsoft.com
on encryption had less than the manual, plus some stuff on password
encryption, plus some stuff on their RAS remote network access stuff
which apparently uses DES as well as standard PPP handshaking or
Shiva handshaking.

Does anybody have any more information?  It'd be fun to hit up Microsoft
for the next crack if it's weak enough; the fax stuff can also be sent by MSMail
so there is eavesdropping potential.
#---
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

Prev by Date: Re: Cypherpunks Lite
Next by Date: Re: netscape NSRANDFILE compatible with /dev/random ?
Prev by thread: Re: Wild Idea for RNG
Next by thread: testab
Index(es):
- Date
- Thread