From: Weld Pond <weld@l0pht.com>
Date: Mon, 11 Mar 1996 02:55:49 +0800
To: cypherpunks@toad.com
Subject: Infosecurity News blurb on Notes
Message-ID: <Pine.BSD/.3.91.960307221457.27289A-100000@l0pht.com>
MIME-Version: 1.0
Content-Type: text/plain


>From the March/April 1996 issue.

Lotus accepts escrow
      
In a compromise to obtain export permission, Lotus Development Copr. has 
agreed to escrow 24 bits of the 64-bit encryption keys used in the new 
release of Lotus Notes.  The U.S. government allows export of unescrowed 
40-bit key strings.

Under the Lotus plan, U.S. agents will be able to access the escrowed 
portion of the key but would still have to decrypt the rest to obtain a 
clear-text message.  Althought the NSA has not said it can decrypt 
40-bit DES encryption, many postuylate that it can.

[end excerpt]

Postulate??? And I thought Notes used RC4?  Pretty bad for a security 
journal.
      

      Weld Pond   -  weld@l0pht.com   -   http://www.l0pht.com/~weld
      L  0  p  h  t    H  e  a  v  y    I  n  d  u  s  t  r  i  e  s          
      Technical archives for the people  -  Bio/Electro/Crypto/Radio