From: daw@quito.CS.Berkeley.EDU (David A Wagner)
To: cypherpunks@toad.com
Message Hash: f25f85744a369577840b01ed9fa31e3023665cad29ac71d6162eea3d94aca3d3
Message ID: <199601192214.RAA28470@bb.hks.net>
Reply To: N/A
UTC Datetime: 1996-01-19 22:17:37 UTC
Raw Date: Fri, 19 Jan 96 14:17:37 PST
From: daw@quito.CS.Berkeley.EDU (David A Wagner)
Date: Fri, 19 Jan 96 14:17:37 PST
To: cypherpunks@toad.com
Subject: Re: Hack Lotus?
Message-ID: <199601192214.RAA28470@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
In article <199601190610.RAA17232@sweeney.cs.monash.edu.au>,
Jiri Baum <jirib@sweeney.cs.monash.edu.au> wrote:
> > Hack Lotus? Please do.
>
> I have no idea how Lotus actually does this, but:
>
> How about a salt determined by the forty bit part?
>
> Ie if the key is s.g (s=secret, g=gaked), the BARF (="Big-brother Access
> Required Field") could contain Encrypt(Hash(s).g,BigBrother).
>
> The receiving end, knowing both s and g, could re-calculate the
> BARF and only function when it's correct. Unless it's been hacked too,
> in which case it could barf when the BARF is correct :-)
Looks good to me -- I think that should work.
I guess that goes to show my lack of creativity. :-)
I was talking to Avi Rubin from Bellcore last night, and he speculated
that maybe the 64 bit key was a fixed one, generated once at installation
time and escrowed with the government then.
With a fixed pre-escrowed key, the receiver wouldn't have to do any
checking; and it would obviate the need for a LEEF/BARF/... field.
On the other hand, it seems to me like one should be able to disable
this fixed pre-escrowed key mechanism with a little binary patch.
I guess we need hard technical details.
- ---
[This message has been signed by an auto-signing service. A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
iQBFAwUBMQAXySoZzwIn1bdtAQFQxgF/d72pj3qiRVIxCBPvhBEsLwWtTiO9tibv
HEa8VbFTwMWoWY70XAMd8meFG5ktMRob
=8JMW
-----END PGP SIGNATURE-----
Return to January 1996
Return to “hallam@w3.org”