
Re: Lotus Notes



At 20:02 1/23/96, [email protected] wrote:
[...]
>Now, I'm very interested in whether they thought about this as a
>potential problem, and thus padded their LEAF intelligently, or left
>themselves vulnerable to a dictionary-style attack on the LEAF.
>This translates, roughly, to "was someone with a basic understanding
>of cryptography involved in this design?"  Clearly, IBM has some
>really good people, and I suspect Lotus did/does, as well.  But were
>they involved enough in the implementation to ensure that this was
>done intelligently?

You are assuming that they *want* the hole to be unpatchable. I see no
reason why they should. "We tried our best, but these darn hackers found a
way to enable full 64 bits. Sorry, but we tried." Perhaps the most
intelligent thing to do was to keep the GAK subject to a simple patch.



-- Lucky Green <mailto:[email protected]>
   PGP encrypted mail preferred.