
"Peter Trei" writes:
> Think it through. [...] 8 Bob's copy of lotus repeats steps 4 & 5 above, and checks if its version of Epe(K') matches the one sent.
Hmm, it could, but it isn't going to be trivial unless the thing is running straight RSA without a random pad. If it isn't randomly padding, then it's possible to make a table of the 2^24 possible encryptions and break traffic without knowing the RSA key the government uses. It would require about 16GB of storage, granted, but that isn't exactly impossible in today's world -- that only costs about $4000. It would also require a lot of CPU, but not an impossible amount, and the investment would be one time. Given such a table properly indexed, you could crack any passing key just by indexing to find out three bytes of the 64 bit key and then go after the other 40 in fairly short order. That would make a new "Hack IBM" (Lotus is owned by them) promotion on C2 rather fun! If they are randomly padding, then they would have to send the pad along, presumably encrypted under the RC4 key or under Bob's RSA key. Someone has to deconstruct the code. At this point, we are starting to fly off into the world of speculation.
> > Of course, I'll point out that 64 bit RC4 keys are still not particularly heartwarming...

> Granted, but we don't know if they use RC4, DES, or what.

They are RC4 if they haven't changed that part of the design.

Perry
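The table attack Perry sketches (precompute every possible encryption of the small escrowed field when the public-key layer is deterministic, then invert passing ciphertexts by lookup) and the reason random padding defeats it, as an added example that is not part of this thread and not Lotus code. It uses textbook RSA over a constructed toy key (small primes, chosen for speed, not security), scales the escrowed field down from the 24 bits discussed to 16 bits so the table builds in well under a second, and uses a simple "random bits above the message field" pad as a stand-in for whatever padding a real design would use; all of those are assumptions of the example, not facts about the product. The point for a defender is the contrast: the same lookup that inverts the unpadded ciphertext returns nothing for the padded one, because the padded plaintext lies outside the enumerated space.

```python
"""Why deterministic public-key encryption of a small field is invertible by
table lookup, and why randomized padding is the fix.  Toy parameters only."""
import secrets

# Constructed toy RSA key: two small primes so that 2^16 encryptions are cheap.
# A real attacker would face a full-size key, but the table only needs the
# PUBLIC key, which is exactly Perry's point.
P, Q = 1000003, 1000033
N = P * Q                      # about 2^40
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

ESCROW_BITS = 16               # the thread discusses 24 escrowed bits; scaled down
PAD_BITS = 20                  # (PAD_BITS + ESCROW_BITS) must stay below log2(N)


def rsa_encrypt_raw(m: int) -> int:
    """Textbook (unpadded, deterministic) RSA: same m always gives same c."""
    return pow(m, E, N)


def rsa_decrypt_raw(c: int) -> int:
    return pow(c, D, N)


def build_table(bits: int) -> dict:
    """Enumerate every possible escrow field value, encrypt it under the
    public key, and index by ciphertext.  No private key is needed."""
    return {rsa_encrypt_raw(m): m for m in range(1 << bits)}


def recover_from_table(table: dict, c: int):
    """One dictionary lookup inverts an unpadded ciphertext; None if absent."""
    return table.get(c)


def rsa_encrypt_padded(m: int, bits: int) -> int:
    """Randomized encryption: a fresh nonzero pad is placed above the message
    field, so the padded plaintext is never one of the 2^bits table entries
    and each encryption of the same m yields a different ciphertext."""
    pad = secrets.randbits(PAD_BITS) or 1
    return rsa_encrypt_raw((pad << bits) | m)


def rsa_decrypt_padded(c: int, bits: int) -> int:
    """The legitimate holder of D strips the pad after decrypting."""
    return rsa_decrypt_raw(c) & ((1 << bits) - 1)


def demo(escrow_field: int = 0xBEEF) -> dict:
    """Run both cases for one escrowed value and report what the table gives."""
    table = build_table(ESCROW_BITS)
    c_raw = rsa_encrypt_raw(escrow_field)
    c_pad = rsa_encrypt_padded(escrow_field, ESCROW_BITS)
    return {
        "table_entries": len(table),
        "unpadded_recovered": recover_from_table(table, c_raw),
        "padded_recovered": recover_from_table(table, c_pad),
        "padded_decrypts_to": rsa_decrypt_padded(c_pad, ESCROW_BITS),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Because RSA is a permutation of the residues mod N, distinct plaintexts always give distinct ciphertexts, so the padded ciphertext is guaranteed (not merely unlikely) to miss the table. The cost side of the thread's argument scales the same way: the table is built once from public information, and its size is set by the field width, not by the RSA key size.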