From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 21 Jan 1996 11:33:17 +0800
To: daw@quito.CS.Berkeley.EDU (David A Wagner)
Subject: Re: Hack Lotus?
Message-ID: <199601210319.TAA23787@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:14 PM 1/19/96 -0500, daw@quito.CS.Berkeley.EDU (David A Wagner) wrote:
>I was talking to Avi Rubin from Bellcore last night, and he speculated
>that maybe the 64 bit key was a fixed one, generated once at installation
>time and escrowed with the government then.

To do that, the user's system have to communicate with the government,
which would be unlikely and avoidable.  Alternatively, if Lotus is willing
to release copies with different serial numbers (either on the disk
or printed on the label), the installation process could include
public-key encrypting a 64-bit key for the user with the GAK key,
generating a (say) 512-bit encrypted key which could be dragged around
in the headers or (if they wanted to minimize overhead) handed out
in 64-bit chunks with every message or some such silliness.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....