From: shamrock@netcom.com (Lucky Green)
Date: Fri, 26 Jan 1996 04:34:11 +0800
To: cypherpunks@toad.com
Subject: Re: Lotus Notes
Message-ID: <v02120d55ad2b86f79513@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:02 1/23/96, JMKELSEY@delphi.com wrote:
[...]
>Now, I'm very interested in whether they thought about this as a
>potential problem, and thus padded their LEAF intelligently, or left
>themselves vulnerable to a dictionary-style attack on the LEAF.
>This translates, roughly, to "was someone with a basic understanding
>of cryptography involved in this design?"  Clearly, IBM has some
>really good people, and I suspect Lotus did/does, as well.  But were
>they involved enough in the implementation to ensure that this was
>done intelligently?

You are assuming that they *want* the hole to be unpatchable. I see no
reason why they should. "We tried out best, but these darn hackers found a
way to enable full 64 bits. Sorry, but we tried." Perhaps the most
intelligent thing to do was to keep the GAK subject to a simple patch.



-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.