Hack Lotus?
David A Wagner
daw at quito.CS.Berkeley.EDU
Fri Jan 19 14:17:37 PST 1996
-----BEGIN PGP SIGNED MESSAGE-----
In article <199601190610.RAA17232 at sweeney.cs.monash.edu.au>,
Jiri Baum <jirib at sweeney.cs.monash.edu.au> wrote:
> > Hack Lotus? Please do.
>
> I have no idea how Lotus actually does this, but:
>
> How about a salt determined by the forty bit part?
>
> I.e. if the key is s.g (s=secret, g=gaked), the BARF (="Big-brother Access
> Required Field") could contain Encrypt(Hash(s).g,BigBrother).
>
> The receiving end, knowing both s and g, could re-calculate the
> BARF and only function when it's correct. Unless it's been hacked too,
> in which case it could barf when the BARF is correct :-)

Looks good to me -- I think that should work.
I guess that goes to show my lack of creativity. :-)

I was talking to Avi Rubin from Bellcore last night, and he speculated
that maybe the 64 bit key was a fixed one, generated once at installation
time and escrowed with the government then.

With a fixed pre-escrowed key, the receiver wouldn't have to do any
checking; and it would obviate the need for a LEEF/BARF/... field.

On the other hand, it seems to me like one should be able to disable
this fixed pre-escrowed key mechanism with a little binary patch.

I guess we need hard technical details.

- ---
[This message has been signed by an auto-signing service. A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
iQBFAwUBMQAXySoZzwIn1bdtAQFQxgF/d72pj3qiRVIxCBPvhBEsLwWtTiO9tibv
HEa8VbFTwMWoWY70XAMd8meFG5ktMRob
=8JMW
-----END PGP SIGNATURE-----
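
The receiver-side check proposed in the quoted text, as an added example that is not part of the original message and not Lotus's actual mechanism: because the salt is Hash(s), the field is deterministic and the receiver can recompute it. Assumptions: the 64-bit key splits into 40 secret and 24 escrowed bits, SHA-256 stands in for Hash, and textbook RSA over toy primes stands in for Encrypt(..., BigBrother); all function names are hypothetical.

```python
import hashlib
import hmac

# Toy stand-in for BigBrother's public key: textbook RSA over two Mersenne
# primes. Illustrative only; these parameters offer no real security.
P, Q = 2**107 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, escrow agent only
N_BYTES = (N.bit_length() + 7) // 8

# Assumed split of the 64-bit key: s = 40 secret bits, g = 24 escrowed bits.
S_LEN, G_LEN = 5, 3


def make_barf(s: bytes, g: bytes) -> bytes:
    """BARF = Encrypt(Hash(s).g, BigBrother), with the salt derived from s."""
    if len(s) != S_LEN or len(g) != G_LEN:
        raise ValueError("key halves have the wrong length")
    salt = hashlib.sha256(s).digest()[:16]
    m = int.from_bytes(salt + g, "big")          # 152 bits, well below N
    return pow(m, E, N).to_bytes(N_BYTES, "big")


def receiver_accepts(key: bytes, barf: bytes) -> bool:
    """The receiver knows s and g, so it recomputes the field and compares."""
    s, g = key[:S_LEN], key[S_LEN:]
    return hmac.compare_digest(make_barf(s, g), barf)


def escrow_recover_g(barf: bytes) -> bytes:
    """The escrow agent decrypts the field and reads off the escrowed bits."""
    m = pow(int.from_bytes(barf, "big"), D, N)
    return m.to_bytes(N_BYTES, "big")[-G_LEN:]


if __name__ == "__main__":
    key = bytes.fromhex("0123456789abcdef")      # constructed sample key
    s, g = key[:S_LEN], key[S_LEN:]
    honest = make_barf(s, g)
    forged = make_barf(s, b"\x00" * G_LEN)       # field carrying the wrong g
    print("honest field accepted:", receiver_accepts(key, honest))
    print("forged field accepted:", receiver_accepts(key, forged))
    print("escrow agent recovers g:", escrow_recover_g(honest).hex())
```
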