More on fortifying Lotus Notes
Paul Crowley
paul at hedonism.demon.co.uk
06 Jun 1999 22:33:46 +0100
lists@notatla.demon.co.uk writes:
> The session-key leakage is 24 bits (2^24=16777216). If the same bogus
> public key gets into wide circulation among L-Fortify users then the
> NSA only has to compute 2^24 encryptions with that key and they are in
> a position about as good as they already have. This is a lookup table
> that can be stored on a single disk even if it is stored in full which
> should not be necessary.
Happily, those 24 bits are padded with random data before encryption
to prevent just such an attack. The padding is sent encrypted so the
WRF can be checked on receipt.
I don't have the skills for poring through binaries reversing tests.
Crackers who strip copy-protection mechanisms get very good at this
sort of thing, though programmers are also getting good at making the
cracker's job harder with some obfuscation tricks. If there's code
for checking the integrity of the public key, I'm going to be straight
out of my depth.
Can anyone think of a way of confirming a guess at which bit of the
binary might be the public key more efficient than changing it and
seeing what breaks? Notes is so full of bugs that it would be hard to
tell whether a particular change had introduced one. Where might I
find documentation of the Notes encrypted message format such that I
can see whether a given change affects the WRF?
--
__
\/ o\ paul@hedonism.demon.co.uk http://www.hedonism.demon.co.uk/paul/ \ /
/\__/ Paul Crowley Upgrade your legacy NT machines to Linux /~\