More on fortifying Lotus Notes

[Nicholas Bohm]

At 07:08 PM 6/4/1999 +0100, Paul Crowley wrote:
>Ian BROWN <I.Brown@cs.ucl.ac.uk> writes:
>> Paul Crowley wrote:
>> >Is that because Lotus has been engineered such that it's harder to
>> >reverse-engineer or modify?  Because presumably if we could find
>> >where the NSA's public key is stored in the binary, a Lotus-Fortify
>> >program could replace it with a randomly-generated one for which the
>> >private key has been discarded?
>> 
>> "Playing hide and seek with stored keys" by Adi Shamir and Nicko van
>> Someren describes how to use the high entropy of keys compared to
>> program instructions and data to find an embedded key...
>> 
>> http://www.ncipher.com/products/files/papers/anguilla/keyhide2.pdf
>
>I've finally fetched and read this paper, and it seems to be pretty
>straightforward to implement.  A few questions:
>
>* What legal hurdles stand in the way of (a) using a bunch of tools to
>search the binary files that come with Notes to find the embedded
>public key, (b) publishing the key, and (c) writing a program to find
>the key and scramble it?

Check the terms of the Notes licence.  Unless the licence imposes an
explicit contractual prohibition, neither searching a file nor modifying it
(manually or automatically) are copyright infringements.  Publishing the
key would be a copyright infringement; but why bother?

Also check that the licence does not prohibit the user from modifying the
program or running the program as modified.  Users concerned about the risk
of invalidating their Notes licences by making its encryption secure
against the NSA may wish to raise the matter with Lotus.

>* How do I tell when I've found it? Do we have an example of plaintext
>and ciphertext encrypted with this key, do we know what public key
>algorithm they use and what key formats that might imply?
>
>* What should be done to the key once it's found?  Is it sufficient to 
>replace most of it with random noise, or is it important that it be
>replaced with a real key?

Presumably a single change to one bit of a public key would prevent
decipherment with the private key, since the two no longer correspond.  (If
the program somehow tests for the correctness of the public key, however,
then presumably the test must also be modified to provide the right answer
for the modified key.)

>cheers,
>-- 
>  __
>\/ o\ paul@hedonism.demon.co.uk  http://www.hedonism.demon.co.uk/paul/ \ /
>/\__/ Paul Crowley            Upgrade your legacy NT machines to Linux /~\
>
>
>
Regards,

Nicholas Bohm

Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK

Phone		01279 871272	(+44 1279 871272)
Fax		01279 870215	(+44 1279 870215)
Mobile   	0860 636749  	(+44 860 636749)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF