1998-01-06 - Ray Ozzie and the Lotus Notes “40 + 24” GAK Hack

Header Data

From: Tim May <tcmay@got.net>
To: cypherpunks@Algebra.COM
Message Hash: bdbf1873c147392e0c3db4881930defb3e25e9fd762ec54e6e210bbbf7c6c1cf
Message ID: <v03102803b0d847b7958d@[207.167.93.63]>
Reply To: <199801061930.NAA09848@wire.insync.net>
UTC Datetime: 1998-01-06 20:50:48 UTC
Raw Date: Wed, 7 Jan 1998 04:50:48 +0800

Raw message

From: Tim May <tcmay@got.net>
Date: Wed, 7 Jan 1998 04:50:48 +0800
To: cypherpunks@Algebra.COM
Subject: Ray Ozzie and the Lotus Notes "40 + 24" GAK Hack
In-Reply-To: <199801061930.NAA09848@wire.insync.net>
Message-ID: <v03102803b0d847b7958d@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



At 11:30 AM -0800 1/6/98, Eric Cordian wrote:
>Could someone poke through Lotus Notes with a debugger and see exactly how
>this "giving 24 bits to the government" is implemented?
>
>Most commercial software simply introduces redundancy in order to limit
>the keyspace to 40 bits, regardless of the advertised length of the key.
>This claim that they deliver 64 bits of key to the customer seems a bit
>bogus.
>
>Of course, they could have done something clever, like generating a
>completely random 64 bit key, and then encrypting 24 bits of it with a
>giant government-owned RSA public key, and including this additional
>information with each message.  However, it seems unlikely that they would
>employ such strong encryption for message recovery, while offering only 64
>bits for message encryption.
>
>Is Lotus Notes encryption documented anywhere?  Are the differences
>between the export and domestic versions disclosed to overseas customers?

Ray Ozzie, founder of Iris, the company which developed Notes and sold it
to Lotus, discussed his "40 + 24" hack a couple of years ago. It was met
with much derision in the community.

(He sent me a nice letter explaining his motivations for the 40 + 24 hack,
but I was of course unconvinced. BTW, my recollection was that they were
trying to get the industry to adopt this as a way of satisfying _domestic_
calls for GAK, not just for export to those dumb Swedes :-}).

--Tim May


The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








Thread