At 05:14 PM 1/19/96 -0500, daw@quito.CS.Berkeley.EDU (David A Wagner) wrote:
I was talking to Avi Rubin from Bellcore last night, and he speculated that maybe the 64 bit key was a fixed one, generated once at installation time and escrowed with the government then.
To do that, the user's system have to communicate with the government, which would be unlikely and avoidable. Alternatively, if Lotus is willing to release copies with different serial numbers (either on the disk or printed on the label), the installation process could include public-key encrypting a 64-bit key for the user with the GAK key, generating a (say) 512-bit encrypted key which could be dragged around in the headers or (if they wanted to minimize overhead) handed out in 64-bit chunks with every message or some such silliness. #-- # Thanks; Bill # Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281 # # "Eternal vigilance is the price of liberty" used to mean us watching # the government, not the other way around....