1996-07-31 - Re: Paranoid Musings

Header Data

From: “Deranged Mutant” <WlkngOwl@unix.asb.com>
To: frantz@netcom.com (Bill Frantz)
Message Hash: 7096e7b73e6a8359a6ac5ef898a687f9bf3e49d52f3487591fd96fbe571a7d59
Message ID: <199607310938.FAA19959@unix.asb.com>
Reply To: N/A
UTC Datetime: 1996-07-31 12:39:16 UTC
Raw Date: Wed, 31 Jul 1996 20:39:16 +0800

Raw message

From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 31 Jul 1996 20:39:16 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Paranoid Musings
Message-ID: <199607310938.FAA19959@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 30 Jul 96 at 11:13, Bill Frantz wrote:
[..]
> (1) Now everyone knows that 40 bit RC4 is weak, but just how weak is it? 

Differentiate between the cipher and the key-initialization.  There 
may be a flaw in how the key is set up that can make brute-force 
searches easier.  Known plaintext of a few headers may also help in 
guessing the s-box state, even if partially: combined with flaws in 
the key, this could be exploited, especially if one has a lot of 
experience and computing power handy.

[..]
> (2) What did Microsoft give up to export its crypto API?
> 
> Well, if you were a TLA, what would you want.  I think I would want an
> agreement to be able to insert my own code in that vendor's products.  Then
> I would be able to have widely distributed Trojan horses signed by the
> vendor.  I would have the opportunity to significantly weaken standardized
> crypto systems installed world wide.

Risky.  Code can always be reverse engineered.  If a flaw is 
exploited in too-strong an algorithm (3DES and 4k-bit RSA keys, for 
instance) to prosecute various people, somebody might notice. If US 
companies seem to magically have proprietary info from foreign 
companies, this would also be a sign of suspicion.   I think the
C[r]API will be used as a form of mandating GAK instead.

Rob





> 
> 
> Conspiracy theorists, start your mailers.
> 
> 
> -------------------------------------------------------------------------
> Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
> (408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
> frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA
> 
> 
> 
> 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.
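
Added example, not part of the original message: the reply above separates RC4's key initialization from the cipher itself and notes that known header plaintext helps a key search. The sketch below keeps the two stages as separate functions and shows how a predictable header turns into a check for candidate keys. The key, header text and the choice to leave only 16 of the 40 key bits unknown are constructed for the demonstration.

```python
from itertools import product

def rc4_ksa(key: bytes) -> list:
    """Key initialization: permute the 256-entry S-box under the key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s

def rc4_keystream(s: list, n: int) -> bytes:
    """The cipher proper: emit n keystream bytes from an initialized S-box."""
    s = s[:]  # work on a copy so the caller's state is untouched
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with the keystream."""
    ks = rc4_keystream(rc4_ksa(key), len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def keystream_from_known(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Known header bytes XOR ciphertext give the first keystream bytes."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_prefix))

def search(known_ks: bytes, fixed: bytes, unknown_bytes: int):
    """Exhaust the unknown key bytes; each trial is one KSA plus a few outputs."""
    for tail in product(range(256), repeat=unknown_bytes):
        key = fixed + bytes(tail)
        if rc4_keystream(rc4_ksa(key), len(known_ks)) == known_ks:
            return key
    return None

# Constructed sample: a 40-bit key with only its last 16 bits treated as
# unknown so the run is short; a full 40-bit search is 2**24 times larger.
KEY = bytes.fromhex("0102030a0b")
HEADER = b"Content-Type: "
CT = rc4_crypt(KEY, HEADER + b"text/plain; secret body")
KS = keystream_from_known(CT, HEADER)
FOUND = search(KS, KEY[:3], 2)
```

Every trial pays for a full 256-step key initialization before producing the handful of keystream bytes that are compared, so the cost of a search is set by the key setup and the key length, and the predictable header only supplies the stopping test.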
