Re: Hack Lotus?

[daw@quito.CS.Berkeley.EDU (David A Wagner)]

-----BEGIN PGP SIGNED MESSAGE-----

In article <199601190610.RAA17232@sweeney.cs.monash.edu.au>,
Jiri Baum <jirib@sweeney.cs.monash.edu.au> wrote:
> > Hack Lotus?  Please do.
> 
> I have no idea how Lotus actually does this, but:
> 
> How about a salt determined by the forty bit part?
> 
> Ie if the key is s.g (s=secret, g=gaked), the BARF (="Big-brother Access
> Required Field") could contain Encrypt(Hash(s).g,BigBrother).
> 
> The receiving end, knowing both s and g, could re-calculate the
> BARF and only function when it's correct. Unless it's been hacked too,
> in which case it could barf when the BARF is correct :-)

Looks good to me -- I think that should work.

I guess that goes to show my lack of creativity. :-)

I was talking to Avi Rubin from Bellcore last night, and he speculated
that maybe the 64 bit key was a fixed one, generated once at installation
time and escrowed with the government then.

With a fixed pre-escrowed key, the receiver wouldn't have to do any
checking; and it would obviate the need for a LEEF/BARF/... field.
On the other hand, it seems to me like one should be able to disable
this fixed pre-escrowed key mechanism with a little binary patch.

I guess we need hard technical details.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQAXySoZzwIn1bdtAQFQxgF/d72pj3qiRVIxCBPvhBEsLwWtTiO9tibv
HEa8VbFTwMWoWY70XAMd8meFG5ktMRob
=8JMW
-----END PGP SIGNATURE-----