More on fortifying Lotus Notes

[Adam Back]

Ant writes:

> The session-key leakage is 24 bits (2^24=16777216).  If the same
> bogus public key gets into wide circulation among L-Fortify users
> then the NSA only has to compute 2^24 encryptions with that key and
> they are in a position about as good as they already have.  This is
> a lookup table that can be stored on a single disk even if it is
> stored in full which should not be necessary.

There is also a salt -- the random padding inside the RSA encryption.
That would prevent pre-computation.

Adam