From: Paul Elliott <paul.elliott@hrnowl.lonestar.org>
To: cypherpunks@toad.com (cypherpunks mailing list)
Message Hash: d640ae37f8b7fa9463d77ac4f243c362e1eecac3d4362bb8bfdd8b1c1f46e228
Message ID: <3106df37.flight@flight.hrnowl.lonestar.org>
Reply To: N/A
UTC Datetime: 1996-01-25 06:10:56 UTC
Raw Date: Thu, 25 Jan 1996 14:10:56 +0800
From: Paul Elliott <paul.elliott@hrnowl.lonestar.org>
Date: Thu, 25 Jan 1996 14:10:56 +0800
To: cypherpunks@toad.com (cypherpunks mailing list)
Subject: Hack Lotus?
Message-ID: <3106df37.flight@flight.hrnowl.lonestar.org>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
I have no doubt that enterprising hackers will be able to hack
the international version of lotus Notes to make it as secure
as the domestic version. It is probably just a matter of NOPing
some code.
The real problem is the 64 bit key in the domestic version. This
conforms to the NIST "standard" for an exportable system. In other
words to allow the international people to have almost non-existant
40 bit security, they have limited domestic users to 64 bit secuity.
The 64 bits keys must be breakable at least in some sense or the limitation
would not be in the NIST "standard".
The 64 bit keys are probably allocated in structures and stack allocations,
so the hacking past the 64 bit limitation will probably be extremely difficult
and error prone! (To increase the size of data in a structure or data on the
stack means moving all the data beond it. This means increasing the memory
allocated and changing all references to data beond the data whose size is
increased.) To do this in a patch, may be difficult.
In any case, I do not trust the code any large company if I do not have
the source code. Big companies are too subject to presure. What we really
need is a hack to completely substitute our own external code such as PGP!
- --
Paul Elliott Telephone: 1-713-781-4543
Paul.Elliott@hrnowl.lonestar.org Address: 3987 South Gessner #224
Houston Texas 77063
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850
iQCVAgUBMQbe8fBUQYbUhJh5AQHDoAQAg9eWu4aJrhQ87n+JqxfTjCOJKEKm8Bfr
J9Gggh/jnzW1MY4ApjOtQes7sHR5+66i43E4nUnN0CJYyD+aMCjbJEhwLPU4uHy2
1nF36X0vCYe0+4uSrebW/eMpFBj6fFrVbrmF8tiGD2VrqSQ2Fda00PY9erKKD2KN
GTmeqFL/QVY=
=SDNt
-----END PGP SIGNATURE-----
Return to January 1996
Return to “Paul Elliott <paul.elliott@hrnowl.lonestar.org>”