From: "William H. Geiger III" <whgiii@invweb.net>
To: Bill Frantz <frantz@netcom.com>
Message Hash: f92e0be749b7f70084fa02a6a058cae93cf9318e58dd0b14a95cef06ca18dffa
Message ID: <199801071847.NAA28200@users.invweb.net>
Reply To: <v0311070eb0d8be53e6a8@[207.94.249.133]>
UTC Datetime: 1998-01-07 18:44:53 UTC
Raw Date: Thu, 8 Jan 1998 02:44:53 +0800
Subject: Re: Silly Shrinkwrapped Encryption
-----BEGIN PGP SIGNED MESSAGE-----
In <v0311070eb0d8be53e6a8@[207.94.249.133]>, on 01/07/98
at 12:10 AM, Bill Frantz <frantz@netcom.com> said:
>At 11:49 AM -0800 1/6/98, Eric Cordian wrote:
>>I managed to find a document entitled "Security in Lotus Notes and the
>>Internet" on the Web.
>>
>>It describes the weakening procedure as follows.
>>
>> "No matter which version of Notes you are using, encryption uses the
>> full 64-bit key size. However, the International edition takes 24 bits
>> of the key and encrypts it using an RSA public key for which the US
>> National Security Agency holds the matching private key. This
>> encrypted portion of the key is then sent with each message as an
>> additional field, the workfactor reduction field. The net result of
>> this is that an illegitimate hacker has to tackle 64-bit encryption,
>> which is at or beyond the practical limit for current decryption
>> technology and hardware. The US government, on the other hand, only
>> has to break a 40-bit key space, which is much easier (2 to the power
>> of 24 times easier, to be precise)."
>It seems to me that if you step on the correct part of the message, you
>zap the encrypted 24 bits, and cut NSA out of the loop. Of course the
>receiver could notice and refuse to decrypt, which would require some
>software hacking to defeat, but that is certainly doable.
Wouldn't it be much better just to not use the crap?!?
Why should we give our money to a company that has shown that they will
sell us out at the first chance of making a buck doing so??
- --
- ---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html
- ---------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000
-----END PGP SIGNATURE-----
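The workfactor reduction field described in the quoted document, and the effect of a damaged field on the escrow holder's search, as an added Python model that is not part of the original message or of Lotus Notes. The toy RSA key, the padding layout, the choice of the top 24 key bits, the `check_value` oracle and the scaled-down 40-bit key (so the search finishes in well under a second) are all assumptions.

```python
import hashlib
import secrets

# Constructed toy RSA key standing in for the escrow key pair; the primes are the
# Mersenne primes 2**31-1 and 2**61-1, far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
ESCROW_BITS = 24  # bits of each message key disclosed to the escrow holder

def workfactor_field(key: int, key_bits: int) -> int:
    """Sender: encrypt the top ESCROW_BITS of the key under the escrow public key."""
    top = key >> (key_bits - ESCROW_BITS)
    pad = secrets.randbits(64)  # assumed random padding; the page gives no format
    return pow((pad << ESCROW_BITS) | top, E, N)

def escrow_open(field: int) -> int:
    """Escrow holder: decrypt the field and keep the disclosed key bits."""
    return pow(field, D, N) & ((1 << ESCROW_BITS) - 1)

def check_value(key: int) -> bytes:
    """Assumed stand-in for 'this key decrypts the message to sensible plaintext'."""
    return hashlib.sha256(key.to_bytes(8, "big")).digest()[:8]

def search(known_top: int, key_bits: int, target: bytes):
    """Try every value of the undisclosed low bits; return the key or None."""
    low_bits = key_bits - ESCROW_BITS
    for low in range(1 << low_bits):
        candidate = (known_top << low_bits) | low
        if check_value(candidate) == target:
            return candidate
    return None

def demo(key_bits: int = 40):
    """Scaled model: 40-bit key, 24 bits escrowed, 2**16 candidates left."""
    key = secrets.randbits(key_bits)
    field, target = workfactor_field(key, key_bits), check_value(key)
    intact = search(escrow_open(field), key_bits, target)
    damaged = search(escrow_open(field ^ 1), key_bits, target)  # one bit flipped
    return key, intact, damaged

if __name__ == "__main__":
    key, intact, damaged = demo()
    print(f"key={key:010x} intact field -> {intact:010x}, damaged field -> {damaged}")
    print(f"real sizes: 2**{64 - ESCROW_BITS} trials with the field, 2**64 without")
```

With the figures from the quoted document the same split leaves the escrow holder 2^40 candidates instead of 2^64, and a field that no longer decrypts to the right 24 bits sends the reduced search down the wrong part of the key space.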