-----BEGIN PGP SIGNED MESSAGE----- In article <2.2.32.19960118195838.008a4944@mail.teleport.com>, Alan Olsen <alano@teleport.com> wrote:
I am certain that comparisons between the export and non-export (with softice and other debugger-type software) will show some interesting things.
Hack Lotus? Please do. I would love to see the internals of how Lotus Notes does the escrow. Every conceivable way I can see to do it seems very vulnerable to attack. If the receiving Lotus Notes program doesn't check whether the high 24 bits have been escrowed correctly in the LEEF-like field, then a simple hack to the sending Lotus Notes program to not send the LEEF field should give foreigners true 64 bit encryption. [LEEF = Law-enforcement / Espionage Exploitation Field = the RSA-encrypted high 24 bits of the key] If the receiving Lotus Notes program does verify that the high 24 bits are escrowed correctly, then anyone can verify that, so in 2^24 trials, I can recover the high 24 bits, and with 2^40 more trials, I can recover the high 40 bits. Therefore 2^40 + 2^24 trials should suffice to hack Lotus if this is how it works. Or maybe it works in some other crazy manner. Waiting to hear the technical details of how it works, - -- Dave Wagner - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMP751yoZzwIn1bdtAQGvzgF/RPhioKYfwXcqHoDCwyyVHZFgyR26KQCz swwAnSDPydO5jKFjFNK5XaM9XRh2Vi3a =HLSf -----END PGP SIGNATURE-----