From: Bill Stewart <stewarts@ix.netcom.com>
To: cypherpunks@toad.com
Message Hash: 00e95f8827462d9b173c05996851d96325f01b288e95b232c07e673e24cd0893
Message ID: <199509270735.AAA23328@ix5.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1995-09-27 07:36:08 UTC
Raw Date: Wed, 27 Sep 95 00:36:08 PDT
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 27 Sep 95 00:36:08 PDT
To: cypherpunks@toad.com
Subject: Hack Microsoft At Work Fax?
Message-ID: <199509270735.AAA23328@ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
I've been helping a client install Microsoft Windows for Workgroups,
which comes with Microsoft At Work Fax. The fax software, in addition
to doing normal stuff, lets you encrypt faxes with passwords or public-key
encryption for sending to other people who use the same software.
The manual has minimal technical information, so I don't know the algorithms
it uses; it mostly talks about what GUI buttons to push.
I was hoping the section on taking your software overseas would say
something about
Export Laws and International Arms Traffickin' (and creatin' a disturbance...)
but all it said was how to set the international-direct-dialing phone codes
so you can get your fax to go where you want. Because of that, I'm guessing
it's something like RC4/40 and RSA-512 with some sort of user name as part of
the public key field, but I'd like to know more, and I'm also guessing that
they've got some sort of general export license permission from the Feds.
The public-key system uses a public key file with "154 computer-generated
characters", and recommends exchanging public keys by floppy disk.
I don't know if that's 154*8 bits, or 154*6 or *4, or if there's a user-name
string using up some of those characters; probably the latter since it's
probably 512 bits because of export.
I called the usually helpful Microsoft Technical Support phone number,
and they were friendly and will try to get back to me, but this is
way out of the scope of the kind of questions they're used to :-)
And the stuff I could find from the Web page or ftp.microsoft.com
on encryption had less than the manual, plus some stuff on password
encryption, plus some stuff on their RAS remote network access stuff
which apparently uses DES as well as standard PPP handshaking or
Shiva handshaking.
Does anybody have any more information? It'd be fun to hit up Microsoft
for the next crack if it's weak enough; the fax stuff can also be sent by MSMail
so there is eavesdropping potential.
#---
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
Return to September 1995
Return to “Bill Stewart <stewarts@ix.netcom.com>”
1995-09-27 (Wed, 27 Sep 95 00:36:08 PDT) - Hack Microsoft At Work Fax? - Bill Stewart <stewarts@ix.netcom.com>