[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Paranoid Musings



On 30 Jul 96 at 11:13, Bill Frantz wrote:
[..]
> (1) Now everyone knows that 40 bit RC4 is weak, but just how weak is it? 

Differentiate between the cipher and the key-initialization.  There 
may be a flaw in how the key is set up that can make brute-force 
searches easier.  Known plaintext of a few headers may also help in 
guessing the s-box state, even if partially: combined with flaws in 
the key, this could be exploited, especially if one has a lot of 
experience and computing power handy.

[..]
> (2) What did Microsoft give up to export its crypto API?
> 
> Well, if you were a TLA, what would you want.  I think I would want an
> agreement to be able to insert my own code in that vendor's products.  Then
> I would be able to have widely distributed Trojan horses signed by the
> vendor.  I would have the opportunity to significantly weaken standardized
> crypto systems installed world wide.

Risky.  Code can always be reverse engineered.  If a flaw is 
exploited in too-strong an algorithm (3DES and 4k-bit RSA keys, for 
instance) to prosecute various people, somebody might notice. If US 
companies seem to magically have proprietary info from foreign 
companies, this would also be a sign of suspicion.   I think the
C[r]API will be used as a form of mandating GAK instead.

Rob





> 
> 
> Conspiracy theorists, start your mailers.
> 
> 
> -------------------------------------------------------------------------
> Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
> (408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
> [email protected] |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA
> 
> 
> 
> 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 [email protected] (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <[email protected]>
Send a message with the subject "send pgp-key" for a copy of my key.