1996-01-21 - Re: Hack Lotus?

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: daw@quito.CS.Berkeley.EDU (David A Wagner)
Message Hash: cb8e4f71e3080c3f6209865b5d471df9ce96c9aa0274bf8fee1fa3a4a129a624
Message ID: <199601210319.TAA23787@ix4.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1996-01-21 03:33:17 UTC
Raw Date: Sun, 21 Jan 1996 11:33:17 +0800

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 21 Jan 1996 11:33:17 +0800
To: daw@quito.CS.Berkeley.EDU (David A Wagner)
Subject: Re: Hack Lotus?
Message-ID: <199601210319.TAA23787@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:14 PM 1/19/96 -0500, daw@quito.CS.Berkeley.EDU (David A Wagner) wrote:
>I was talking to Avi Rubin from Bellcore last night, and he speculated
>that maybe the 64 bit key was a fixed one, generated once at installation
>time and escrowed with the government then.

To do that, the user's system would have to communicate with the government,
which would be unlikely and avoidable.  Alternatively, if Lotus is willing
to release copies with different serial numbers (either on the disk
or printed on the label), the installation process could include
public-key encrypting a 64-bit key for the user with the GAK key,
generating a (say) 512-bit encrypted key which could be dragged around
in the headers or (if they wanted to minimize overhead) handed out
in 64-bit chunks with every message or some such silliness.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....
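
The scheme sketched in the message above, as an added illustration (not part of the original post and not Lotus's code): a 64-bit key is RSA-encrypted once under a constructed 512-bit stand-in for the GAK key, and the resulting 512-bit blob is handed out as one 64-bit chunk per message. The function names, the padding layout and the chunk indexing are assumptions.

```python
# Added illustration: every name below is hypothetical, nothing here is Lotus code.
import secrets

def is_probable_prime(n, rounds=24):
    """Miller-Rabin for odd n > 3: composite if a^d != 1 and no a^(d*2^r) is -1."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x != 1 and all(pow(x, 2 ** r, n) != n - 1 for r in range(s)):
            return False
    return True

def gen_prime(bits):
    while True:
        # Top two bits set, so the product of two such primes has 2*bits bits.
        c = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(c):
            return c

def make_gak_keypair(e=65537):
    """Constructed 512-bit RSA pair standing in for the escrow (GAK) key."""
    while True:
        p, q = gen_prime(256), gen_prime(256)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def wrap_key(key64, pub):
    """Install time: pad the 8-byte key to 64 bytes, RSA-encrypt it once."""
    n, e = pub
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(53))  # nonzero filler
    block = b"\x00\x02" + pad + b"\x00" + key64  # assumed PKCS#1 v1.5-like layout
    return pow(int.from_bytes(block, "big"), e, n).to_bytes(64, "big")

def chunk_for_message(blob, msg_no):
    """Message number msg_no carries one 64-bit slice of the 512-bit blob."""
    i = msg_no % 8
    return i, blob[8 * i:8 * i + 8]

def recover_key(seen, priv):
    """Escrow side: rebuild the blob from (index, chunk) pairs and decrypt it."""
    parts, (n, d) = dict(seen), priv
    if set(parts) != set(range(8)):
        return None  # fewer than eight distinct chunks: blob incomplete
    blob = b"".join(parts[i] for i in range(8))
    block = pow(int.from_bytes(blob, "big"), d, n).to_bytes(64, "big")
    return block[-8:] if block[:2] == b"\x00\x02" else None
```

With the chunked variant, the holder of the private key needs eight messages covering all eight chunk indices before the 64-bit key can be recovered; carrying the whole blob in the headers removes that delay at the cost of 64 bytes per message.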





