More on fortifying Lotus Notes
lists@notatla.demon.co.uk
lists at notatla.demon.co.uk
Sun, 6 Jun 1999 15:36:50 +0100
I found the article I referred to. I got it from an ftp server in Italy,
maybe in September 1994. Let me know off list of you want it.
I also thought I should explain why in my last post I thought
it was easier to act on a program by neutralising a test than by
making the (bogus) public keys match at both ends of the communication.
The session-key leakage is 24 bits (2^24=16777216). If the same bogus
public key gets into wide circulation among L-Fortify users then the
NSA only has to compute 2^24 encryptions with that key and they are in
a position about as good as they already have. This is a lookup table
that can be stored on a single disk even if it is stored in full which
should not be necessary.
If all versions of Notes are using different keys for the NSA, and changing
them periodically then this is much better. To attack a single user they
will then have to crack the whole 64-bit session key and derive what
information they can from that (perhaps from serveral messages) about the
public key.
Only when studying the public key becomes pointless and they attack only
session keys (itself not a major task) will the Lotus trapdoor be removed.