-----BEGIN PGP SIGNED MESSAGE----- Hello cypherpunks@toad.com and daw@beijing.CS.Berkeley.EDU (David A Wagner) ...
Hack Lotus? Please do. ... If the receiving Lotus Notes program does verify that the high 24 bits are escrowed correctly, then anyone can verify that, so in 2^24 trials, I can recover the high 24 bits, and with 2^40 more trials, I can recover the high 40 bits. Therefore 2^40 + 2^24 trials should suffice to hack Lotus if this is how it works. ...
I have no idea how Lotus actually does this, but: How about a salt determined by the forty bit part? Ie if the key is s.g (s=secret, g=gaked), the BARF (="Big-brother Access Required Field") could contain Encrypt(Hash(s).g,BigBrother). The receiving end, knowing both s and g, could re-calculate the BARF and only function when it's correct. Unless it's been hacked too, in which case it could barf when the BARF is correct :-) Would that work or have I missed something? As I said, I've no idea what Lotus actually does. Jiri - -- If you want an answer, please mail to <jirib@cs.monash.edu.au>. On sweeney, I may delete without reading! PGP 463A14D5 (but it's at home so it'll take a day or two) PGP EF0607F9 (but it's at uni so don't rely on it too much) -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMP81zCxV6mvvBgf5AQGcZgP+PZyX+uZsHcG/RM29onq8d7FB402nHiqM QgZi6dXb7AkilYrw0YGt1fDDzi1W7+0bufmX2sa02r6Yh/MkJ8Lw+O/WHYau5eDP XC91pTFQHAYlvi9zNIKoclh1x2Z3dDUkly5yBA3nAhDuY2tcteop8nPLewA49qm5 H61a7l3o+Ys= =Prxc -----END PGP SIGNATURE-----