Re: Silly Shrinkwrapped Encryption
Eric Cordian says:
Could someone poke through Lotus Notes with a debugger and see exactly how this "giving 24 bits to the government" is implemented?
Lotus produced a "backgrounder" called "Differential Workfactor Cryptography" when they first promulgated the 64/40 stuff. It says (in part):
We do that by encrypting 24 of the 64 bits under a public RSA key provided by the U.S. government and binding the encrypted partial key to the encrypted data.
I haven't seen the USG RSA key -- if it's 512 bits, that would be a humorous next factoring target.
Jim Gillogly
15 Afteryule S.R. 1998, 20:02
12.19.4.14.15, 12 Men 13 Kankin, Seventh Lord of Night
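
The 64/40 split described in the backgrounder quoted above, as an added example (not code from Lotus or from anyone in this thread): part of the session key is wrapped under an RSA public key and bound to the ciphertext, so the private-key holder faces a 2^40 search while everyone else faces 2^64. Which 24 bits are escrowed, the random padding, the toy RSA modulus and the stand-in cipher are all assumptions; the demo run is scaled down to a 40-bit key so the search finishes.

```python
import hashlib, secrets

# Toy RSA key standing in for the escrow key (constructed; two Mersenne primes).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def stream_xor(key: int, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter keystream (not Notes' cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(plaintext: bytes, key_bits: int = 64, escrow_bits: int = 24):
    """Encrypt under a fresh key and bind the RSA-wrapped top escrow_bits to it."""
    key = secrets.randbits(key_bits)
    top = key >> (key_bits - escrow_bits)      # assumption: the top bits are escrowed
    padded = (secrets.randbits(64) << escrow_bits) | top   # random pad, assumed
    return key, (pow(padded, E, N), stream_xor(key, plaintext))

def unwrap(wrapped: int, escrow_bits: int = 24) -> int:
    """Escrow-key holder recovers the escrowed bits from the bound field."""
    return pow(wrapped, D, N) & ((1 << escrow_bits) - 1)

def search(top: int, ciphertext: bytes, known_prefix: bytes, unknown_bits: int):
    """Exhaust the remaining bits, checking against a known plaintext prefix."""
    for low in range(1 << unknown_bits):
        cand = (top << unknown_bits) | low
        if stream_xor(cand, ciphertext[:len(known_prefix)]) == known_prefix:
            return cand
    return None

def work_factors(key_bits: int = 64, escrow_bits: int = 24):
    """(trials for the escrow-key holder, trials for everyone else), worst case."""
    return 2 ** (key_bits - escrow_bits), 2 ** key_bits

if __name__ == "__main__":
    # Scaled down: 40-bit key with 24 bits escrowed leaves 16 bits to search.
    key, (wrapped, ct) = seal(b"constructed sample message", key_bits=40)
    top = unwrap(wrapped)
    print(hex(search(top, ct, b"constructed", 16)), hex(key), work_factors())
```
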
Jim Gillogly <jim@mentat.com> writes:
Eric Cordian says:
Could someone poke through Lotus Notes with a debugger and see exactly how this "giving 24 bits to the government" is implemented?
Lotus produced a "backgrounder" called "Differential Workfactor Cryptography" when they first promulgated the 64/40 stuff. It says (in part):
We do that by encrypting 24 of the 64 bits under a public RSA key provided by the U.S. government and binding the encrypted partial key to the encrypted data.
I haven't seen the USG RSA key -- if it's 512 bits, that would be a humorous next factoring target.
It would be humorous to even have the modulus and exponent -- if someone can obtain them, I'll package it up as a working PGP key, and give it user id of Spook GAK key <dirnsa@nsa.gov>, and submit to the keyservers. Then we have solved the key escrow implementation problems for the US government -- anyone who wants to send them a message can simply add DIRNSA to the list of recipients.
I don't have a copy of Notes, otherwise I thought this a most fun exploit to attempt.
The above "solution" to key escrow infra-structure calls from Freeh etc., should be credited to Carl Ellison; probably others have proposed it also. Carl offered to sign some chief spooks key, if he would generate one for the purpose, chief spook declined the offer.
I observed a few times before that now that Lotus have organised with the NSA to produce such a key, we can do the job of implementing the voluntary key escrow infrastructure for them. (It is voluntary right?)
Adam
--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
On Tue, 6 Jan 1998, Adam Back wrote:
It would be humorous to even have the modulus and exponent -- if someone can obtain them, I'll package it up as a working PGP key, and give it user id of Spook GAK key <dirnsa@nsa.gov>, and submit to the keyservers. Then we have solved the key escrow implementation problems for the US government -- anyone who wants to send them a message can simply add DIRNSA to the list of recipients.
This would be truly hilarious. Anybody out there with a copy of Notes and a debugger? :-)
-- Lucky Green <shamrock@cypherpunks.to> PGP v5 encrypted email preferred.
"Tonga? Where the hell is Tonga? They have Cypherpunks there?"
Adam Back wrote:
| The above "solution" to key escrow infra-structure calls from Freeh
| etc., should be credited to Carl Ellison; probably others have
| proposed it also. Carl offered to sign some chief spooks key, if he
| would generate one for the purpose, chief spook declined the offer.
That was Phil Karn to NSA legal counsel at the Computers Freedom and Privacy conference in Burlingame, 1994 or 1995. I don't recall hearing it before that.
Adam
--
"It is seldom that liberty of any kind is lost all at once." -Hume
I haven't seen the USG RSA key -- if it's 512 bits, that would be a humorous next factoring target.
Talking of factoring, I wonder if anyone on the list has seen the article in this month's New Scientist regarding a new link found between energy levels in hydrogen atoms and generation of large primes. I don't remember the details (I only scanned the article as even the elementary explanation of the physics involved was beyond me). The thrust of the article was that work was in progress on a variant of this that could factor large numbers significantly faster than current methods. Anyone with more background in this sort of thing care to comment?
Datacomms Technologies data security
Paul Bradley, Paul@fatmans.demon.co.uk
Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
Http://www.cryptography.home.ml.org/
Email for PGP public key, ID: FC76DA85
"Don't forget to mount a scratch monkey"
participants (5)
- Adam Back
- Adam Shostack
- jim@mentat.com
- Lucky Green
- Paul Bradley