17 Dec
2003
17 Dec
'03
11:17 p.m.
I've been thinking about how I would do the lotus hack. I certainly would not be wanting to do a public key operation for the benefit of the government on every message. How about the following: During installation of program: Select a random key ER, encrypt it under the govt. public key to give Eg(ER). To start encrypting, chose a random value R, encrypt under destination public key to give Ek(R) set 40 bits of R to 0 to produce R' Encrypt R' under ER to give E-ER(R') Hash R, E-ER(R') and Eg(ER) with a one way function (MDMF like) to produce the actual key. Send across Ek(R), E-ER(R'), Eg(ER) To decrypt the message one needs the information for the escrow authority. Phill