Lotus, NSA sing in same key

David K. Merriman merriman at arn.net
Wed Jan 24 14:56:34 PST 1996 

Article of that title in Jan 22 issue of EE Times:

"San Francisco - IBM subsidiary Lotus Development Corp. offered an olive branch of sorts to the National Security Agency (NSA) last week, at the opening of the RSA Data Security Conference at the Fairmont Hotel. The Iris Associates unit of Lotus that developed Lotus Notes will be able to ship an international version with the equivalent [!!] of 64-bit encryption, using a concept Lotus calls "Differential Workfactor Cryptography".
In the past, NSA has blocked the State Department from issuing broad licenses for packages with encryption of 40 bits or stronger. The Business Software Alliance argues that this has jeopardized sales of U.S. software overseas. The NSA has unsuccessfully tried to get U.S. manufacturers to use the Clipper chip or its software equivalent (based on a classified encryption algorithm) or an unclassified "key escrow" algorithm in which decryption keys must be held by third parties. OEMs have rejected all key-escrow concepts and have demanded international export rights for public-key cryptography methods promoted by vendors such as RSA.
Lotus's compromise with the NSA concedes the agency's right to conduct signals intelligence on foreign targets. The encryption in Notes Release 4 is based on a 64-bit random number. But for the exported version of Release 4, the NSA generates a public-key algorithm and encrypts 24 bits of the key using the public RSA key. The result of this operation, the Workfactor Reduction Field [!?], is bound to the encrypted data. Foreign hackers will find the encrypted messages as difficult to decrypt as a message with a 64-bit RSA key, but the NSA will find it as easy to crack as a message with a 40-bit key."

EE Times, Jan 22, 1996, page 116 sidebar
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148

More information about the cypherpunks-legacy mailing list