Ray Ozzie and the Lotus Notes "40 + 24" GAK Hack

[Tim May]

At 11:30 AM -0800 1/6/98, Eric Cordian wrote:
>Could someone poke through Lotus Notes with a debugger and see exactly how
>this "giving 24 bits to the government" is implemented?
>
>Most commercial software simply introduces redundancy in order to limit
>the keyspace to 40 bits, regardless of the advertised length of the key.
>This claim that they deliver 64 bits of key to the customer seems a bit
>bogus.
>
>Of course, they could have done something clever, like generating a
>completely random 64 bit key, and then encrypting 24 bits of it with a
>giant government-owned RSA public key, and including this additional
>information with each message.  However, it seems unlikely that they would
>employ such strong encryption for message recovery, while offering only 64
>bits for message encryption.
>
>Is Lotus Notes encryption documented anywhere?  Are the differences
>between the export and domestic versions disclosed to overseas customers?

Ray Ozzie, founder of Iris, the company which developed Notes and sold it
to Lotus, discussed his "40 + 24" hack a couple of years ago. It was met
with much derision in the community.

(He sent me a nice letter explaining his motivations for the 40 + 24 hack,
but I was of course unconvinced. BTW, my recollection was that they were
trying to get the industry to adopt this as a way of satisfying _domestic_
calls for GAK, not just for export to those dumb Swedes :-}).

--Tim May


The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."