From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
To: daw@beijing.CS.Berkeley.EDU (David A Wagner)
Message Hash: 3b48d27dbe1b9468d10f87b7c320d57ae03adb13f8572017e1a9ad987e3bba33
Message ID: <199601190610.RAA17232@sweeney.cs.monash.edu.au>
Reply To: <199601190154.UAA24710@bb.hks.net>
UTC Datetime: 1996-01-19 10:25:01 UTC
Raw Date: Fri, 19 Jan 1996 18:25:01 +0800
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Fri, 19 Jan 1996 18:25:01 +0800
To: daw@beijing.CS.Berkeley.EDU (David A Wagner)
Subject: Re: Hack Lotus?
In-Reply-To: <199601190154.UAA24710@bb.hks.net>
Message-ID: <199601190610.RAA17232@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Hello cypherpunks@toad.com
and daw@beijing.CS.Berkeley.EDU (David A Wagner)
...
> Hack Lotus? Please do.
...
> If the receiving Lotus Notes program does verify that the high 24 bits
> are escrowed correctly, then anyone can verify that, so in 2^24 trials,
> I can recover the high 24 bits, and with 2^40 more trials, I can recover
> the high 40 bits. Therefore 2^40 + 2^24 trials should suffice to hack
> Lotus if this is how it works.
...
I have no idea how Lotus actually does this, but:
How about a salt determined by the forty bit part?
Ie if the key is s.g (s=secret, g=gaked), the BARF (="Big-brother Access
Required Field") could contain Encrypt(Hash(s).g,BigBrother).
The receiving end, knowing both s and g, could re-calculate the
BARF and only function when it's correct. Unless it's been hacked too,
in which case it could barf when the BARF is correct :-)
Would that work or have I missed something? As I said, I've no idea
what Lotus actually does.
Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBMP81zCxV6mvvBgf5AQGcZgP+PZyX+uZsHcG/RM29onq8d7FB402nHiqM
QgZi6dXb7AkilYrw0YGt1fDDzi1W7+0bufmX2sa02r6Yh/MkJ8Lw+O/WHYau5eDP
XC91pTFQHAYlvi9zNIKoclh1x2Z3dDUkly5yBA3nAhDuY2tcteop8nPLewA49qm5
H61a7l3o+Ys=
=Prxc
-----END PGP SIGNATURE-----
Return to January 1996
Return to “Jiri Baum <jirib@sweeney.cs.monash.edu.au>”