At 11:49 AM -0800 1/6/98, Eric Cordian wrote:
> I managed to find a document entitled "Security in Lotus Notes and the Internet" on the Web.
> It describes the weakening procedure as follows.
> "No matter which version of Notes you are using, encryption uses the full 64-bit key size. However, the International edition takes 24 bits of the key and encrypts it using an RSA public key for which the US National Security Agency holds the matching private key. This encrypted portion of the key is then sent with each message as an additional field, the workfactor reduction field. The net result of this is that an illegitimate hacker has to tackle 64-bit encryption, which is at or beyond the practical limit for current decryption technology and hardware. The US government, on the other hand, only has to break a 40-bit key space, which is much easier (2 to the power of 24 times easier, to be precise)."

It seems to me that if you step on the correct part of the message, you zap the encrypted 24 bits, and cut NSA out of the loop. Of course the receiver could notice and refuse to decrypt, which would require some software hacking to defeat, but that is certainly doable.

-------------------------------------------------------------------------
Bill Frantz       | One party wants to control | Periwinkle -- Consulting
(408)356-8506     | what you do in the bedroom,| 16345 Englewood Ave.
frantz@netcom.com | the other in the boardroom.| Los Gatos, CA 95032, USA
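
Added example (not part of the original message, and not Lotus code): a scaled-down Python model of the workfactor reduction field described in the quoted document, showing how much smaller the key search is for whoever can open the field. The 16-bit key with 6 escrowed bits, the toy RSA modulus, the random padding and the SHA-256 XOR cipher are all assumptions standing in for the real 64/24-bit scheme, whose details the document does not give.

```python
import hashlib
import secrets

# Scaled-down stand-ins for the quoted 64-bit key / 24 escrowed bits
# (assumption: small sizes so the search finishes instantly).
KEY_BITS, ESCROW_BITS = 16, 6
LOW_BITS = KEY_BITS - ESCROW_BITS

# Toy RSA key pair for the escrow holder, built from two Mersenne primes.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def xor_stream(key: int, data: bytes) -> bytes:
    """Toy cipher: XOR with a SHA-256 keystream (messages up to 32 bytes)."""
    stream = hashlib.sha256(key.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def send(key: int, plaintext: bytes):
    """Return (ciphertext, workfactor_reduction_field) for one message."""
    top = key >> LOW_BITS                        # bits handed to the escrow holder
    padded = (secrets.randbits(64) << ESCROW_BITS) | top  # random pad (assumption)
    return xor_stream(key, plaintext), pow(padded, E, N)

def escrow_open(field: int) -> int:
    """Escrow holder: RSA-decrypt the field and strip the random pad."""
    return pow(field, D, N) & (2**ESCROW_BITS - 1)

def search(ciphertext: bytes, known_prefix: bytes, top=None):
    """Exhaustive key search; returns (key, trials). `top` = escrowed bits, if known."""
    tops = range(2**ESCROW_BITS) if top is None else [top]
    trials = 0
    for t in tops:
        for low in range(2**LOW_BITS):
            trials += 1
            key = (t << LOW_BITS) | low
            if xor_stream(key, ciphertext).startswith(known_prefix):
                return key, trials
    return None, trials

if __name__ == "__main__":
    key = 0xBEEF                                 # constructed sample key
    ct, field = send(key, b"NOTES: constructed sample")
    print("with field:   ", search(ct, b"NOTES:", top=escrow_open(field)))
    print("without field:", search(ct, b"NOTES:"))
```

With the field opened, the search is bounded by 2^10 trials in this model; without it the bound is 2^16, the same 2^(escrowed bits) ratio the document states for 40 versus 64 bits.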