At 11:30 AM -0800 1/6/98, Eric Cordian wrote:
Could someone poke through Lotus Notes with a debugger and see exactly how this "giving 24 bits to the government" is implemented?
Most commercial software simply introduces redundancy in order to limit the keyspace to 40 bits, regardless of the advertised length of the key. This claim that they deliver 64 bits of key to the customer seems a bit bogus.
Of course, they could have done something clever, like generating a completely random 64 bit key, and then encrypting 24 bits of it with a giant government-owned RSA public key, and including this additional information with each message. However, it seems unlikely that they would employ such strong encryption for message recovery, while offering only 64 bits for message encryption.
Is Lotus Notes encryption documented anywhere? Are the differences between the export and domestic versions disclosed to overseas customers?
Ray Ozzie, founder of Iris, the company which developed Notes and sold it to Lotus, discussed his "40 + 24" hack a couple of years ago. It was met with much derision in the community. (He sent me a nice letter explaining his motivations for the 40 + 24 hack, but I was of course unconvinced. BTW, my recollection was that they were trying to get the industry to adopt this as a way of satisfying _domestic_ calls for GAK, not just for export to those dumb Swedes :-}). --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."