More on fortifying Lotus Notes
Charles Lindsey
chl at clw.cs.man.ac.uk
Mon, 7 Jun 1999 10:02:53 +0100
On Sun, 6 Jun 1999 15:36:50 +0100
lists@notatla.demon.co.uk said...
> The session-key leakage is 24 bits (2^24=16777216). If the same bogus
> public key gets into wide circulation among L-Fortify users then the
> NSA only has to compute 2^24 encryptions with that key and they are in
> a position about as good as they already have. This is a lookup table
> that can be stored on a single disk even if it is stored in full which
> should not be necessary.
But presumably any other bad guy who wants to decrypt Lotus messages can
also generate that table. So Lotus is already insecure against attackers
other than the NSA. (if they are sufficiently clueful and determined).
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5