Re: Silly Shrinkwrapped Encryption


In <[email protected][]>, on 01/07/98 
   at 12:10 AM, Bill Frantz <[email protected]> said:

>At 11:49 AM -0800 1/6/98, Eric Cordian wrote:
>>I managed to find a document entitled "Security in Lotus Notes and the
>>Internet" on the Web.
>>It describes the weakening procedure as follows.
>>  "No matter which version of Notes you are using, encryption uses the
>>   full 64-bit key size. However, the International edition takes 24 bits
>>   of the key and encrypts it using an RSA public key for which the US
>>   National Security Agency holds the matching private key. This
>>   encrypted portion of the key is then sent with each message as an
>>   additional field, the workfactor reduction field. The net result of
>>   this is that an illegitimate hacker has to tackle 64-bit encryption,
>>   which is at or beyond the practical limit for current decryption
>>   technology and hardware. The US government, on the other hand, only
>>   has to break a 40-bit key space, which is much easier (2 to the power
>>   of 24 times easier, to be precise)."

>It seems to me that if you step on the correct part of the message, you
>zap the encrypted 24 bits, and cut NSA out of the loop.  Of course the
>receiver could notice and refuse to decrypt, which would require some
>software hacking to defeat, but that is certainly doable.

Wouldn't it be much better just to not use the crap?!?

Why should we give our money to a company that has shown that they will
sell us out at the first chance of making a buck doing so??

-- 
---------------------------------------------------------------
William H. Geiger III  http://users.invweb.net/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html
---------------------------------------------------------------
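
The workfactor reduction field described in the quoted document, sketched as an added example (not part of this message and not Lotus Notes code). Assumptions: a toy unpadded RSA key pair stands in for the escrow key, the 24 escrowed bits are taken to be the top bits of the key, the hash-based key check and the receiver-side comparison are hypothetical, and the demo leaves 16 bits to search instead of 40 so that it finishes quickly.

```python
import hashlib
import secrets

# Toy textbook-RSA escrow key pair (constructed for this example: two Mersenne
# primes, no padding). It stands in for the escrow holder's real key pair.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known to the holder only

def make_field(key, key_bits=64, escrow_bits=24):
    """Sender: wrap the top escrow_bits of the key under the escrow public key."""
    return pow(key >> (key_bits - escrow_bits), E, N)

def key_check(key):
    """Stand-in for 'this candidate decrypts the message' (known-plaintext test)."""
    return hashlib.sha256(key.to_bytes(8, "big")).digest()

def search(check, prefix, unknown_bits):
    """Try every key that starts with prefix; return (key, attempts)."""
    for low in range(1 << unknown_bits):
        candidate = (prefix << unknown_bits) | low
        if key_check(candidate) == check:
            return candidate, low + 1
    return None, 1 << unknown_bits

def escrow_holder_recover(field, check, key_bits=64, escrow_bits=24):
    """Escrow holder: unwrap the field, then search only the remaining bits."""
    prefix = pow(field, D, N)
    return search(check, prefix, key_bits - escrow_bits)

def field_matches_key(field, key, key_bits=64, escrow_bits=24):
    """Receiver-side consistency check (assumed): recompute the field and compare."""
    return field == make_field(key, key_bits, escrow_bits)

def demo(key_bits=40, escrow_bits=24):
    """Scaled-down run: 24 escrowed bits as quoted, 16 left to search, not 40."""
    key = secrets.randbits(key_bits)
    field, check = make_field(key, key_bits, escrow_bits), key_check(key)
    found, attempts = escrow_holder_recover(field, check, key_bits, escrow_bits)
    altered_ok = field_matches_key(field ^ 1, key, key_bits, escrow_bits)
    return key, found, attempts, altered_ok

if __name__ == "__main__":
    key, found, attempts, altered_ok = demo()
    print(f"holder recovered key: {found == key} in {attempts} tries (bound 2^16)")
    print(f"without the private key the bound is 2^40; altered field ok: {altered_ok}")
```

With the real sizes, the private-key holder's loop is bounded by 2^40 candidates, while anyone without the private key faces the full 2^64.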