In <v0311070eb0d8be53e6a8@[207.94.249.133]>, on 01/07/98 at 12:10 AM, Bill Frantz <frantz@netcom.com> said:
At 11:49 AM -0800 1/6/98, Eric Cordian wrote:
I managed to find a document entitled "Security in Lotus Notes and the Internet" on the Web.
It describes the weakening procedure as follows.
"No matter which version of Notes you are using, encryption uses the full 64-bit key size. However, the International edition takes 24 bits of the key and encrypts it using an RSA public key for which the US National Security Agency holds the matching private key. This encrypted portion of the key is then sent with each message as an additional field, the workfactor reduction field. The net result of this is that an illegitimate hacker has to tackle 64-bit encryption, which is at or beyond the practical limit for current decryption technology and hardware. The US government, on the other hand, only has to break a 40-bit key space, which is much easier (2 to the power of 24 times easier, to be precise)."
It seems to me that if you step on the correct part of the message, you zap the encrypted 24 bits, and cut NSA out of the loop. Of course the receiver could notice and refuse to decrypt, which would require some software hacking to defeat, but that is certainly doable.
Wouldn't it be much better just to not use the crap?!? Why should we give our money to a company that has shown that they will sell us out at the first chance of making a buck doing so??

--
---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html
---------------------------------------------------------------
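The workfactor reduction field quoted in this thread, as an added example that is not part of the original messages and is not Lotus code: it counts the brute-force trials needed with and without the escrow private key. The key sizes are scaled down from the quoted 64/24 bits so the search finishes instantly, and the stream cipher, the toy RSA key and all function names are assumptions made for the illustration.

```python
import hashlib
import secrets

# The quoted document's figures: 64-bit key, 24 bits escrowed, 40 bits left to search.
# Scaled down here (constructed values) so both searches finish instantly.
KEY_BITS, ESCROW_BITS = 16, 6
REST_BITS = KEY_BITS - ESCROW_BITS

# Toy escrow RSA key built from two Mersenne primes (constructed, far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def xor_stream(key, data):
    """Stand-in cipher (not the one Notes uses): XOR with SHA-256(key), up to 32 bytes."""
    ks = hashlib.sha256(key.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def send(key, plaintext):
    """Encrypt under the full key and attach the workfactor reduction field."""
    top = key >> REST_BITS                                  # the escrowed key bits
    padded = (secrets.randbits(64) << ESCROW_BITS) | top    # random pad above them
    return xor_stream(key, plaintext), pow(padded, E, N)

def search(ciphertext, known_prefix, top=None):
    """Brute-force the key. Returns (key, trials); `top` is the escrowed bits if known."""
    tops = range(1 << ESCROW_BITS) if top is None else [top]
    trials = 0
    for t in tops:
        for rest in range(1 << REST_BITS):
            trials += 1
            key = (t << REST_BITS) | rest
            if xor_stream(key, ciphertext).startswith(known_prefix):
                return key, trials
    return None, trials

def escrow_holder_attack(ciphertext, field, known_prefix):
    """Private-key holder decrypts the field, drops the pad, searches the rest only."""
    top = pow(field, D, N) & ((1 << ESCROW_BITS) - 1)
    return search(ciphertext, known_prefix, top)
```

The ratio between the two trial counts is 2 to the power of ESCROW_BITS, which at the quoted sizes is the "2 to the power of 24 times easier" figure.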