More on fortifying Lotus Notes

[Duncan Campbell]

Edinburgh
6 June 99

NSA Workfactor Restoration (NWR ???) for Lotus Notes NSA Trapdoor Edition

Sorry folks, its a little bit harder than you think.

At 06/06/99 11:42 , you wrote:
>At 07:08 PM 6/4/1999 +0100, Paul Crowley wrote:
> >Ian BROWN <I.Brown@cs.ucl.ac.uk> writes:
> >> Paul Crowley wrote:
> >> >Is that because Lotus has been engineered such that it's harder to
> >> >reverse-engineer or modify?  Because presumably if we could find
> >> >where the NSA's public key is stored in the binary, a Lotus-Fortify
> >> >program could replace it with a randomly-generated one for which the
> >> >private key has been discarded?

[...]

>Presumably a single change to one bit of a public key would prevent
>decipherment with the private key, since the two no longer correspond.  (If
>the program somehow tests for the correctness of the public key, however,
>then presumably the test must also be modified to provide the right answer
>for the modified key.)

To prevent you giving NSA its present of the WRF,  Lotus Notes 4 
International Edition works as follows.

1. The full session key is sent encrypted - presumably as part of the RSA 
session set up.

2. The recipient programme looks for the WRF and extracts it.

3. Using NSA's public key, it re-encrypts the 24 bit section of the session 
key.

4. It then compares the result of that encryption with the WRF.  If the two 
do not match, then it will refuse to decrypt the incoming message.

Therefore, your Lotus Fortify patch will have to operate on both sender and 
recipient.   If you can get to the NSA public key inside both functions, 
and change each in the same way, then does that work?
I would presume so but list members will know if that intuition is right.