David Howe DaveHowe at
Thu Oct 10 12:01:12 PDT 2002

>> "I assume everyone knows the little arrangement that lotus
>> reached with the NSA over its encrypted secure email?"
> I'm new here, so do tell if I am wrong. Are you referring to the two
> of Encryption available in Bogus Notes?
More or less, yes. Lotus knew nobody would buy a 40 bit version of their
crypto, so there is a two-level encryption all right, but not along
those lines - in the export version, some of the session key is
encrypted using a PKI "work reduction factor" key in the message header;
this section of header is important, as lotus gateways won't accept
messages that have had it disturbed. by decoding this block, the NSA
have the actual keysize they need to block reduced to the legal export
level of 40 bits; one government found this out *after* rolling it out
to all their billing and contract negotiation departments... belgum or
sweden by memory . Lotus thought it would be ok if only the NSA (and
other US government orgs) could break the key, rather than letting
everyone have an equal chance (and indeed, letting their customers know
their crypto was still only 40 bit vs USA intel agencies)
Still, even the domestic version was only 64 bits, which is painfully
small even by the standards of the day. certainly, even "strong" lotus
could have been crackable by the NSA, who after all own their own fab
plant to make custom VLSI cracking chips.

More information about the cypherpunks-legacy mailing list