From: shamrock@netcom.com (Lucky Green)
To: cypherpunks@toad.com
Message Hash: c770cd416c2ecbd33840448e2309161da3af7132ae72f7e93d2314923c5b5221
Message ID: <v02120d55ad2b86f79513@[192.0.2.1]>
Reply To: N/A
UTC Datetime: 1996-01-25 20:34:11 UTC
Raw Date: Fri, 26 Jan 1996 04:34:11 +0800
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 26 Jan 1996 04:34:11 +0800
To: cypherpunks@toad.com
Subject: Re: Lotus Notes
Message-ID: <v02120d55ad2b86f79513@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain
At 20:02 1/23/96, JMKELSEY@delphi.com wrote:
[...]
>Now, I'm very interested in whether they thought about this as a
>potential problem, and thus padded their LEAF intelligently, or left
>themselves vulnerable to a dictionary-style attack on the LEAF.
>This translates, roughly, to "was someone with a basic understanding
>of cryptography involved in this design?" Clearly, IBM has some
>really good people, and I suspect Lotus did/does, as well. But were
>they involved enough in the implementation to ensure that this was
>done intelligently?
You are assuming that they *want* the hole to be unpatchable. I see no
reason why they should. "We tried out best, but these darn hackers found a
way to enable full 64 bits. Sorry, but we tried." Perhaps the most
intelligent thing to do was to keep the GAK subject to a simple patch.
-- Lucky Green <mailto:shamrock@netcom.com>
PGP encrypted mail preferred.
Return to January 1996
Return to “shamrock@netcom.com (Lucky Green)”
1996-01-25 (Fri, 26 Jan 1996 04:34:11 +0800) - Re: Lotus Notes - shamrock@netcom.com (Lucky Green)