
Re: Silly Shrinkwrapped Encryption

At 11:49 AM -0800 1/6/98, Eric Cordian wrote:
>I managed to find a document entitled "Security in Lotus Notes and the
>Internet" on the Web.
>It describes the weakening procedure as follows.
>  "No matter which version of Notes you are using, encryption uses the
>   full 64-bit key size. However, the International edition takes 24 bits
>   of the key and encrypts it using an RSA public key for which the US
>   National Security Agency holds the matching private key. This
>   encrypted portion of the key is then sent with each message as an
>   additional field, the workfactor reduction field. The net result of
>   this is that an illegitimate hacker has to tackle 64-bit encryption,
>   which is at or beyond the practical limit for current decryption
>   technology and hardware. The US government, on the other hand, only
>   has to break a 40-bit key space, which is much easier (2 to the power
>   of 24 times easier, to be precise)."

It seems to me that if you step on the correct part of the message, you zap
the encrypted 24 bits, and cut NSA out of the loop.  Of course the receiver
could notice and refuse to decrypt, which would require some software
hacking to defeat, but that is certainly doable.

Bill Frantz       | One party wants to control | Periwinkle -- Consulting
(408)356-8506     | what you do in the bedroom,| 16345 Englewood Ave.
[email protected] | the other in the boardroom.| Los Gatos, CA 95032, USA
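
Added example, not part of the original message and not Lotus Notes code: a toy model of the workfactor reduction field from the quoted document, including the receiver-side check the reply mentions, under which an altered field is noticed and rejected. The toy RSA key, the choice of the top 24 bits, the key-derived padding and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA key standing in for the escrow key pair (assumption;
# real parameters are not given in the message). Both primes are Mersenne primes.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the escrow party

def make_field(key64: int) -> int:
    """Sender side: build the workfactor reduction field for a 64-bit key.

    Assumptions: the escrowed bits are the top 24, and the padding is derived
    from the full key so the receiver can recompute the field exactly.
    """
    top24 = key64 >> 40
    pad = int.from_bytes(hashlib.sha256(key64.to_bytes(8, "big")).digest()[:12], "big")
    return pow((pad << 24) | top24, E, N)

def escrow_recover(field: int) -> int:
    """Escrow side: decrypt the field and read back the 24 escrowed bits."""
    return pow(field, D, N) & 0xFFFFFF

def receiver_accepts(key64: int, field: int) -> bool:
    """Receiver side: recompute the field from the key and refuse on mismatch."""
    return field == make_field(key64)

KEY = 0x0123456789ABCDEF          # constructed sample message key
FIELD = make_field(KEY)

if __name__ == "__main__":
    print("escrow learns top 24 bits:", hex(escrow_recover(FIELD)))
    print("intact field accepted:   ", receiver_accepts(KEY, FIELD))
    print("altered field accepted:  ", receiver_accepts(KEY, FIELD ^ 1))
```

With the 24 bits recovered, the escrow party's remaining search is the 40 unknown bits the quoted document describes.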