> David Howe[SMTP:[EMAIL PROTECTED]] > > >> "I assume everyone knows the little arrangement that lotus > >> reached with the NSA over its encrypted secure email?" > > I'm new here, so do tell if I am wrong. Are you referring to the two > levels > > of Encryption available in Bogus Notes? > More or less, yes. Lotus knew nobody would buy a 40 bit version of their > crypto, so there is a two-level encryption all right, but not along > those lines - in the export version, some of the session key is > encrypted using a PKI "work reduction factor" key in the message header; > this section of header is important, as lotus gateways won't accept > messages that have had it disturbed. by decoding this block, the NSA > have the actual keysize they need to block reduced to the legal export > level of 40 bits; one government found this out *after* rolling it out > to all their billing and contract negotiation departments... belgum or > sweden by memory . Lotus thought it would be ok if only the NSA (and > other US government orgs) could break the key, rather than letting > everyone have an equal chance (and indeed, letting their customers know > their crypto was still only 40 bit vs USA intel agencies) > Still, even the domestic version was only 64 bits, which is painfully > small even by the standards of the day. certainly, even "strong" lotus > could have been crackable by the NSA, who after all own their own fab > plant to make custom VLSI cracking chips. > It was Sweden. They didn't really have an excuse - over a year earlier, Lotus announced their "International" version with details of the "Work Factor Reduction Field" at the RSA Conference. I immediately invented the term 'espionage enabled' to describe this feature, a term which has entered the crypto lexicon.
Peter Trei
