1996-01-25 - Re: Hack Lotus?

Header Data

From: Alan Olsen <alano@teleport.com>
To: cypherpunks@toad.com
Message Hash: 33ad0b8fcb92ffec570be9293c28fc6cec3aa75e98a95aa6476bc8e4b9a0b642
Message ID: <2.2.32.19960125090041.008e7488@mail.teleport.com>
Reply To: N/A
UTC Datetime: 1996-01-25 10:19:04 UTC
Raw Date: Thu, 25 Jan 1996 18:19:04 +0800

Raw message

From: Alan Olsen <alano@teleport.com>
Date: Thu, 25 Jan 1996 18:19:04 +0800
To: cypherpunks@toad.com
Subject: Re: Hack Lotus?
Message-ID: <2.2.32.19960125090041.008e7488@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:38 AM 1/25/96 +0000, you wrote:

>I have no doubt that enterprising hackers will be able to hack
>the international version of lotus Notes to make it as secure
>as the domestic version. It is probably just a matter of NOPing
>some code.
>
>The real problem is the 64 bit key in the domestic version. This
>conforms to the NIST "standard" for an exportable system. In other
>words to allow the international people to have almost non-existant
>40 bit security, they have limited domestic users to 64 bit secuity.
>The 64 bits keys must be breakable at least in some sense or the limitation
>would not be in the NIST "standard".
{stuff deleted]

Something just came to mind...  What if there is not difference between the
exportable and non-exportable versions?  Could it be that they are *both* GAKed?

Maybe I am just being paranoid (or thinking that IBM might just be lazy
enough to push out a single version under two versions), but it is something
that needs to be determined.

Does anyone out there have access to both versions for a comparison?

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"






Thread