Lotus Notes
Lucky Green
shamrock at netcom.com
Thu Jan 25 12:34:11 PST 1996
At 20:02 1/23/96, JMKELSEY at delphi.com wrote:
[...]
>Now, I'm very interested in whether they thought about this as a
>potential problem, and thus padded their LEAF intelligently, or left
>themselves vulnerable to a dictionary-style attack on the LEAF.
>This translates, roughly, to "was someone with a basic understanding
>of cryptography involved in this design?" Clearly, IBM has some
>really good people, and I suspect Lotus did/does, as well. But were
>they involved enough in the implementation to ensure that this was
>done intelligently?
You are assuming that they *want* the hole to be unpatchable. I see no
reason why they should. "We tried out best, but these darn hackers found a
way to enable full 64 bits. Sorry, but we tried." Perhaps the most
intelligent thing to do was to keep the GAK subject to a simple patch.
-- Lucky Green <mailto:shamrock at netcom.com>
PGP encrypted mail preferred.
More information about the cypherpunks-legacy
mailing list