Re: Ozzie Apes Jim Clark, Fix Is In to Cave and Cry
// : >The new overseas version of Notes, tagged Release 4, will give
// : >foreign users 64-bit security. But to get permission to export
// : >the software, Lotus agreed to give the government access to 24
// : >of those bits by using a special 24-bit key supplied by the
//
// That was the question that came to mind when I read the article, too.
// How exactly are they planning on implementing this?

Looks straightforward to me. Any time a bulk key is generated (aka session key), take a known number of bits in a known location (top n or bottom n) and encrypt those with the public key of the agent you want to give the n key bits to. Then send the encrypted key bits as part of the message protocol.

This is similar to what Netscape's SSL does, except that the top n bits of an SSL key are a public part of the exchange, and the top n bits of a Notes key are only readable by the private key holder (which is presumably in the hands of every major government agency that cares). Neither gives away the entire key directly, so it's not a trivial decoding operation. But 40 bits isn't terribly difficult to decode either.

The advantage, as seen by many people, is that the full key is much larger in the Notes implementation style so non-governmental attackers have a much harder problem to solve in order to crack the message.

This is roughly akin to what ViaCrypt has announced for their next PGP release. You have a public key for the "escrow" agent, and every person who encrypts using PGP would add (or would have added by PGP) the agent to the list of recipients. The message might not be given to the agent, but if it lands in their hands, they will be able to decrypt it.

GAK is reasonable, to those who trust the government. Now the subset of this list who do so may be a much smaller percentage than the subset of the VPs of IS that do. But that's a different message.

-- 
- david d `zoo' zuhn -| armadillo zoo software -- St. Paul, Minnesota
-- zoo@armadillo.com --| unix generalist (and occasional specialist)
------------------------+ http://www.armadillo.com/ for more information
pgp key upon request +----------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----

Hello "david d `zoo' zuhn" <zoo@armadillo.com> and wendigo@pobox.com (Mark Rogaski), cypherpunks@toad.com

...
// // : >of those bits by using a special 24-bit key supplied by the
// // That was the question that came to mind when I read the article, too.
// // How exactly are they planning on implementing this?
//
// Looks straightforward to me. Any time a bulk key is generated (aka session
// key), take a known number of bits in a known location (top n or bottom n)
// and encrypt those with the public key of the agent you want to give the n
// key bits to.
...

Not so easy - as somebody pointed out in another thread, this will be very easy to brute - only 2^24 cleartexts to try... You have to put in some salt to prevent this. If you want the recipient to be able to check that the key is correctly there, you need to make the salt known to both (e.g. a one-way hash of the whole key). You might want to do this to make the program refuse to interoperate with hacked versions.

...
// Neither give away the entire key directly, so it's not a trivial decoding
// operation. But 40 bits isn't terribly difficult to decode either.
//
// The advantage, as seen by many people, is that the full key is much larger
// in the Notes implementation style so non-governmental attackers have a much
// harder problem to solve in order to crack the message.
...

I suppose it'll be safe for a while yet (esp. for session keys), but has anyone multiplied that graphics-workstation-40bit price by 2^24? It's only 10 billion! (billion=10^9) A lot of money, sure, but given that it's not very expensive to go to 128 bits or more, why ???

(Please, do NOT post c*nspiracy theories --- they are obvious to everyone and therefore unpatentable.)

...
// GAK is reasonable, to those who trust the government. Now the subset of
// this list who do so may be a much smaller percentage than the subset of
// the VPs of IS that do. But that's a different message.
...

Now how about the percentage of *foreign* people who trust the US govt.? Given that it has said that it'll spy commercially... (if memory serves).

Hope I'm making sense... (well, they say "hope dies last"...)

Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMP9n2ixV6mvvBgf5AQEmYAQAuaEVsUgZ/W5FwMC9gJdLUN73UTi4A+ur
KE32A3sQrlC0yFIkRgfjusRu7emJQjlTphJVX/Zwb4l4nwF+1eDpstELL9ccKpW2
E+hvLF2Qn8mqdTFnkHWKAvAqGUcNFm8thPcDzmgGnKMFGODZJnNyI/DfgikLzdQw
asjL5+/9RWs=
=2K0T
-----END PGP SIGNATURE-----
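The scheme zoo sketches (encrypt the top n bits of the bulk key to the agent's public key) and Jiri's objection to it (a 24-bit plaintext under deterministic encryption is a 2^24-entry dictionary attack, so salt it with a one-way hash of the whole key that the recipient can recompute) as one added worked model. This is editor-supplied example code, not code from the thread and not Lotus's implementation; the toy textbook RSA key built from small Mersenne primes, SHA-256 as the hash, the 32-bit salt width and every helper name are assumptions. The demo shrinks the escrowed width from 24 to 16 bits so the exhaustive attack finishes in well under a second; the logic is the same at 24.

```python
"""Toy model of the Notes 'workfactor reduction' escrow field discussed above.

Assumptions (editor's example, not Lotus's design): unpadded textbook RSA with
small Mersenne primes as the agent's key, SHA-256 as the one-way hash, a 32-bit
salt, and helper names invented for this example.
"""
import hashlib

KEY_BITS = 64     # bulk (session) key size quoted for the export version
ESCROW_BITS = 24  # bits the agent is handed
SALT_BITS = 32    # assumption: how much of SHA-256(full key) is folded in

# Toy textbook RSA for the escrow agent.  It is deterministic: the same plaintext
# always gives the same ciphertext, which is exactly what the dictionary attack
# below relies on.  Keys this small are for illustration only.
_P, _Q = (1 << 31) - 1, (1 << 61) - 1        # Mersenne primes M31 and M61
_E = 65537
_N = _P * _Q
_D = pow(_E, -1, (_P - 1) * (_Q - 1))
AGENT_PUB = (_N, _E)
AGENT_PRIV = (_N, _D)


def encrypt_to_agent(m, pub=AGENT_PUB):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must be smaller than the modulus")
    return pow(m, e, n)


def agent_decrypt(c, priv=AGENT_PRIV):
    n, d = priv
    return pow(c, d, n)


def split_key(key, escrow_bits=ESCROW_BITS, key_bits=KEY_BITS):
    """Top `escrow_bits` of the bulk key go to the agent; the rest stay private."""
    rest_bits = key_bits - escrow_bits
    return key >> rest_bits, key & ((1 << rest_bits) - 1)


def naive_field(key, escrow_bits=ESCROW_BITS):
    """The scheme as literally described: encrypt the top bits and nothing else."""
    top, _ = split_key(key, escrow_bits)
    return encrypt_to_agent(top)


def key_salt(key, key_bits=KEY_BITS, salt_bits=SALT_BITS):
    """Salt both ends can recompute: a one-way hash of the *whole* key."""
    digest = hashlib.sha256(key.to_bytes(key_bits // 8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - salt_bits)


def salted_field(key, escrow_bits=ESCROW_BITS):
    """top bits || salt.  Guessing it now depends on the bits the agent is NOT given."""
    top, _ = split_key(key, escrow_bits)
    return encrypt_to_agent((top << SALT_BITS) | key_salt(key))


def recipient_verifies(key, field, escrow_bits=ESCROW_BITS):
    """The recipient holds the full key, so it can rebuild the field bit-for-bit
    and refuse to interoperate with a build that sent a wrong or missing one."""
    return field == salted_field(key, escrow_bits)


def agent_recovers_top(field, salted):
    """What the private-key holder learns: the escrowed top bits only."""
    m = agent_decrypt(field)
    return m >> SALT_BITS if salted else m


def dictionary_attack(field, escrow_bits, pub=AGENT_PUB):
    """Anyone holding only the *public* key tries every possible top-bits value.
    Succeeds against the naive field in at most 2**escrow_bits encryptions;
    returns None against the salted field because no bare guess encrypts to it."""
    for guess in range(1 << escrow_bits):
        if encrypt_to_agent(guess, pub) == field:
            return guess
    return None


def residual_work_bits(escrow_bits=ESCROW_BITS, key_bits=KEY_BITS):
    """Brute-force exponent left to the agent after reading the field (40 here)."""
    return key_bits - escrow_bits


if __name__ == "__main__":
    DEMO_BITS = 16                      # scaled down from 24 so the loop is quick
    key = 0xC0FFEE0123456789            # constructed 64-bit bulk key
    naive = naive_field(key, DEMO_BITS)
    print("naive  - agent reads         :", hex(agent_recovers_top(naive, salted=False)))
    print("naive  - public-key attacker :", hex(dictionary_attack(naive, DEMO_BITS)))
    salted = salted_field(key, DEMO_BITS)
    print("salted - agent reads         :", hex(agent_recovers_top(salted, salted=True)))
    print("salted - public-key attacker :", dictionary_attack(salted, DEMO_BITS))
    print("salted - recipient check     :", recipient_verifies(key, salted, DEMO_BITS))
    print("agent still has to brute-force 2^%d" % residual_work_bits())
```

The point the block makes concrete: the agent's view is identical in both variants (24 bits handed over, 2^40 left), but the naive field is readable by anyone with the agent's public key, while the salted field costs an outsider the full 2^64 because the hash input includes the 40 bits that were never escrowed. The recipient-side check only works because the encryption is deterministic; a randomized padding would also defeat the dictionary attack but would take the recipient's ability to re-derive and compare the field with it.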
-----BEGIN PGP SIGNED MESSAGE-----

// I suppose it'll be safe for a while yet (esp. for session keys), but
// has anyone multiplied that graphics-workstation-40bit price by 2^24?
// It's only 10 billion! (billion=10^9) A lot of money, sure, but given
// that it's not very expensive to go to 128 bits or more, why ???

Probably to satisfy the spirit of the proposed new export regulations that require a max of 64 bits. They would have to get US Gov't approval for this workfactor-reduction export as well, so there could be additional pressure applied to keep it to 64 bits.

What if the workfactor-reduction bits got encrypted with a different key that the Gov't didn't have (via a patch binary for example)? Then the work is only 64 bits and not 128. Given the size of the NSA budgets, the equipment to break 64 bits is almost certainly available. They'd probably much rather break 2^24 40-bit keys than one 64-bit key, but they'll do what they have to in order to make sure they can read the keys.

// Now how about the percentage of *foreign* people who trust the US govt.?
// Given that it has said that it'll spy commercially... (if memory
// serves).

Memory serves me oppositely -- denial that it has done so in the past and saying that they would not do so in the future. This came a couple of months ago during trade negotiations with the Japanese government.

- --
- - david d `zoo' zuhn -| armadillo zoo software -- St. Paul, Minnesota
- -- zoo@armadillo.com --| unix generalist (and occasional specialist)
- ------------------------+ http://www.armadillo.com/ for more information
pgp key upon request +----------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMP97Cu80ah2ymxnRAQGquQP+LXaSHcPvbVfntcyw+f86am9fbyzWwITE
fpIl13Hp560BXFnF/gQCGt1a87aShEIqQbhkOEHTty2ORjOrGHExjxYWZTuZS/UI
JyfhN/n/0oi7yGHk5BSN31PtnFKU7JbLyBKAujaUvsmPGttz+8Hr+wZXhEwzJ4XA
Cl3OAO2AAAg=
=Npod
-----END PGP SIGNATURE-----

[ At home now, so it's signed...]
participants (2)
- david d `zoo' zuhn
- Jiri Baum