-----BEGIN PGP SIGNED MESSAGE-----

In article <199601190610.RAA17232@sweeney.cs.monash.edu.au>, Jiri Baum <jirib@sweeney.cs.monash.edu.au> wrote:

> Hack Lotus? Please do.
>
> I have no idea how Lotus actually does this, but:
>
> How about a salt determined by the forty bit part?
>
> I.e. if the key is s.g (s=secret, g=gaked), the BARF (="Big-brother Access Required Field") could contain Encrypt(Hash(s).g,BigBrother).
>
> The receiving end, knowing both s and g, could re-calculate the BARF and only function when it's correct. Unless it's been hacked too, in which case it could barf when the BARF is correct :-)

Looks good to me -- I think that should work. I guess that goes to show my lack of creativity. :-)

I was talking to Avi Rubin from Bellcore last night, and he speculated that maybe the 64 bit key was a fixed one, generated once at installation time and escrowed with the government then. With a fixed pre-escrowed key, the receiver wouldn't have to do any checking; and it would obviate the need for a LEEF/BARF/... field.

On the other hand, it seems to me like one should be able to disable this fixed pre-escrowed key mechanism with a little binary patch.

I guess we need hard technical details.

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQAXySoZzwIn1bdtAQFQxgF/d72pj3qiRVIxCBPvhBEsLwWtTiO9tibv
HEa8VbFTwMWoWY70XAMd8meFG5ktMRob
=8JMW
-----END PGP SIGNATURE-----
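The salted field and receiver-side check proposed in the quoted message, as an added Python sketch that is not part of the thread and not Lotus's code. Assumptions: s is the 40 secret bits in the high part of a 64-bit key, g is the low 24 bits, Hash is SHA-256 truncated to 128 bits, and Encrypt is deterministic textbook RSA under a constructed toy key (Mersenne primes, not secure).

```python
import hashlib

# Toy RSA key standing in for "BigBrother" (constructed; NOT secure).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # escrow agent's private exponent

G_BITS, SALT_BITS = 24, 128            # assumed sizes: g = 24 bits, Hash(s) = 128 bits
G_MASK = (1 << G_BITS) - 1

def split_key(key64):
    """Split a 64-bit key into (s, g): 40 secret bits, 24 escrowed bits."""
    return key64 >> G_BITS, key64 & G_MASK

def salt(s):
    """Hash(s): salt derived from the secret 40-bit part."""
    digest = hashlib.sha256(s.to_bytes(5, "big")).digest()
    return int.from_bytes(digest[:SALT_BITS // 8], "big")

def make_barf(key64):
    """BARF = Encrypt(Hash(s).g, BigBrother)."""
    s, g = split_key(key64)
    m = (salt(s) << G_BITS) | g        # Hash(s).g, always smaller than N
    return pow(m, E, N)                # deterministic, so it can be recomputed

def receiver_accepts(key64, barf):
    """Receiver knows s and g, recomputes the BARF, and refuses on mismatch."""
    return make_barf(key64) == barf

def escrow_open(barf):
    """Escrow agent decrypts the field and learns only g (plus an opaque salt)."""
    return pow(barf, D, N) & G_MASK

if __name__ == "__main__":
    key = 0x0123456789ABCDEF           # constructed sample session key
    barf = make_barf(key)
    print("receiver accepts genuine BARF:", receiver_accepts(key, barf))
    print("escrow agent recovers g:", hex(escrow_open(barf)))
    forged = make_barf(key ^ 1)        # field built from a wrong g
    print("receiver accepts forged BARF:", receiver_accepts(key, forged))
```

The receiver's recomputation only works because the encryption here is deterministic; with randomized padding the sender would also have to make the randomness reproducible for the receiver.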
I've been thinking about how I would do the Lotus hack. I certainly would not be wanting to do a public key operation for the benefit of the government on every message. How about the following:

During installation of program:

Select a random key ER, encrypt it under the govt. public key to give Eg(ER).

To start encrypting, choose a random value R, encrypt under destination public key to give Ek(R)

set 40 bits of R to 0 to produce R'

Encrypt R' under ER to give E-ER(R')

Hash R, E-ER(R') and Eg(ER) with a one way function (MDMF like) to produce the actual key.

Send across Ek(R), E-ER(R'), Eg(ER)

To decrypt the message one needs the information for the escrow authority.

Phill
Pardon my lack of faith in most crypto implementations, but do you think it is possible that (in the first version of Notes at least) the escrowed 24-bits will just be stored plaintext in the executable? In which case, a little disassembly, and we can create a hack to enable all 64-bits. (Of course, communications from this hacked version will only be readable by other hacked versions or US versions.)

Anyone else think this is probable?

-James
participants (3):
- daw@quito.CS.Berkeley.EDU
- grimm@MIT.EDU
- hallam@w3.org