Re: Paranoid Musings
On 30 Jul 96 at 11:13, Bill Frantz wrote:
[..]
> (1) Now everyone knows that 40 bit RC4 is weak, but just how weak is it?
Differentiate between the cipher and the key-initialization. There
may be a flaw in how the key is set up that can make brute-force
searches easier. Known plaintext of a few headers may also help in
guessing the s-box state, even if partially: combined with flaws in
the key, this could be exploited, especially if one has a lot of
experience and computing power handy.
[..]
> (2) What did Microsoft give up to export its crypto API?
>
> Well, if you were a TLA, what would you want. I think I would want an
> agreement to be able to insert my own code in that vendor's products. Then
> I would be able to have widely distributed Trojan horses signed by the
> vendor. I would have the opportunity to significantly weaken standardized
> crypto systems installed world wide.
Risky. Code can always be reverse engineered. If a flaw is
exploited in too strong an algorithm (3DES and 4k-bit RSA keys, for
instance) to prosecute various people, somebody might notice. If US
companies seem to magically have proprietary info from foreign
companies, this would also be a sign of suspicion. I think the
C[r]API will be used as a form of mandating GAK instead.
Rob
>
>
> Conspiracy theorists, start your mailers.
>
>
> -------------------------------------------------------------------------
> Bill Frantz | Cave ab homine unius lebri | Periwinkle -- Consulting
> (408)356-8506 | [Beware the man of one | 16345 Englewood Ave.
> [email protected] | book] - Anonymous Latin | Los Gatos, CA 95032, USA
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 [email protected] (root@magneto)
AB1F4831 1993/05/10 Deranged Mutant <[email protected]>
Send a message with the subject "send pgp-key" for a copy of my key.
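The point Rob makes above, that RC4's key setup and its keystream are separate stages and that a few bytes of known header plaintext expose the keystream, written out as an added Python example (not code from the original thread or from either author). The 5-byte key and the "MSG/1.0 " header are constructed sample values; the "Key"/"Plaintext" values are the public RC4 test vector.

```python
# Added example: RC4 key scheduling (KSA) and keystream generation (PRGA)
# kept as separate functions, then a known header used to recover the
# keystream prefix. Shows why a fixed header plus a 40-bit key (2^40
# candidates) leaves little margin: the recovered bytes are a direct
# check on the output of the key setup.

def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: the S-box state depends on the key only."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s

def rc4_keystream(key: bytes, n: int) -> bytes:
    """PRGA: n keystream bytes generated from the state rc4_ksa produced."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (RC4 is symmetric XOR with the keystream)."""
    ks = rc4_keystream(key, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def recover_keystream(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Known plaintext (a fixed header) reveals the keystream prefix."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_prefix))

if __name__ == "__main__":
    key = b"\x01\x23\x45\x67\x89"   # constructed 40-bit (5-byte) key
    header = b"MSG/1.0 "           # constructed known header
    ct = rc4_crypt(key, header + b"secret body")
    ks = recover_keystream(ct, header)
    # The leaked prefix equals what the key setup + PRGA produce for this key.
    assert ks == rc4_keystream(key, len(header))
    print(f"keystream prefix {ks.hex()} exposed by header; "
          f"2^{8 * len(key)} candidate keys to distinguish")
```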