Bill Simpson said:
>
> - We just learned a few weeks ago that every copy of Windows has a secret
>   NSA key.  We don't know why.  Remember the Lotus Notes secret NSA key
>   fiasco that got us in trouble with the Swedish government?  How can we
>   ever compete, when nobody trusts our software?

Just because I was in the middle of this and am personally sensitive to
misinformation circulating about this, let me clarify the facts about this:

Lotus Notes has since January '96 contained an NSA Public key. It has never
been a secret. Lotus issued a press release about it at the RSA Conference
that January and I posted a copy of that press release to cypherpunks. I
also described it in a talk I gave at Lotusphere. It is there in support
of the best deal we could negotiate with NSA whereby we were allowed
to use 64 bit keys in the export version if we encrypted 24 of
those bits under the NSA public key so that if they wanted to break a
message they would only face a 40 bit workfactor. It is not used for
communications between two copies of the domestic version of the product.
The result was encryption that was as secure against the U.S. government
as any that could legally be exported and more secure against other
attackers.

But no good deed ever goes unpunished. Periodically someone stumbles
across that press release and reveals it as though it were some
secret revelation. There was a PR problem in the Swedish press,
and more recently when it was cited in a European Commission report
on Echelon.

     --Charlie Kaufman
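
The arrangement described in the message above, sketched as an added example; it is not part of the original email and is not Lotus's code or wire format. The toy RSA key, the random pad, the choice of the top 24 bits, and all function names are assumptions made for illustration.

```python
import secrets

# Constructed toy RSA key pair standing in for the escrow holder's key.
# Both primes are well-known Mersenne primes, so this key protects nothing.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)

KEY_BITS, ESCROW_BITS = 64, 24          # figures from the message above
HIDDEN_BITS = KEY_BITS - ESCROW_BITS    # 40 bits that nobody is handed
PAD_BITS = 96                           # assumed random pad; plaintext stays below N


def make_export_key(pad=True):
    """Return (key, field): a 64-bit key and its top 24 bits encrypted to the escrow key."""
    key = secrets.randbits(KEY_BITS)
    top = key >> HIDDEN_BITS
    salt = secrets.randbits(PAD_BITS) if pad else 0
    return key, pow((salt << ESCROW_BITS) | top, E, N)


def escrow_recover(field):
    """Private-key holder: decrypt the field and strip the pad to get the 24 bits."""
    return pow(field, D, N) & ((1 << ESCROW_BITS) - 1)


def candidate_keys(top):
    """Keys consistent with the known top bits: a range of 2**40 values."""
    return range(top << HIDDEN_BITS, (top + 1) << HIDDEN_BITS)


def guess_confirms(field, guess):
    """Public-key-only check: does encrypting a guessed 24-bit value reproduce the field?"""
    return pow(guess, E, N) == field


if __name__ == "__main__":
    key, field = make_export_key()
    top = escrow_recover(field)
    print("escrow holder searches 2^%d keys" % (len(candidate_keys(top)).bit_length() - 1))
    print("everyone else searches 2^%d keys" % KEY_BITS)
    print("padded field confirmable with public key only:", guess_confirms(field, top))
```

With `pad=False` the field is deterministic, so a correct guess of the 24 bits can be confirmed with the public key alone; the random pad is what keeps the workfactor at 64 bits for everyone without the private key.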
