More on fortifying Lotus Notes
Charles Lindsey
chl at clw.cs.man.ac.uk
Mon, 7 Jun 1999 10:06:38 +0100
On Sun, 06 Jun 1999 12:41:03 +0100
Duncan Campbell <duncan@gn.apc.org> said...
>
> To prevent you giving NSA its present of the WRF, Lotus Notes 4
> International Edition works as follows.
>
> 1. The full session key is sent encrypted - presumably as part of the RSA
> session set up.
>
> 2. The recipient programme looks for the WRF and extracts it.
>
> 3. Using NSA's public key, it re-encrypts the 24 bit section of the session
> key.
>
> 4. It then compares the result of that encryption with the WRF. If the two
> do not match, then it will refuse to decrypt the incoming message.
So this suggests that a Lotus Fortify would have to not send the WRF at
all, and instead send the necessary incantations to make it look like
a message originating from the N. American version. Doesn't sound that
much more difficult.
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5