> ----------
> [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED] wrote:]
> Subject: Re: more re Encryption Technology Limits Eased
>
> Bill Simpson said:
> >
> > - We just learned a few weeks ago that every copy of Windows has a
> secret
> > NSA key. We don't know why. Remember the Lotus Notes secret NSA key
> > fiasco that got us in trouble with the Swedish government? How can we
> > ever compete, when nobody trusts our software?
>
> Just because I was in the middle of this and am personally sensitive to
> misinformation circulating about this, let me clarify the facts about
> this:
>
> Lotus Notes has since January '96 contained an NSA Public key. It has
> never
> been a secret. Lotus issued a press release about it at the RSA Conference
> that January and I posted a copy of that press release to cypherpunks. I
> also described it in a talk I gave at Lotusphere. It is there in support
> of the best deal we could negotiate with NSA whereby we were allowed
> to use 64 bit keys in the export version if we encrypted 24 of
> those bits under the NSA public key so that if they wanted to break a
> message they would only face a 40 bit workfactor. It is not used for
> communications between two copies of the domestic version of the product.
> The result was encryption that was as secure against the U.S. government
> as any that could legally be exported and more secure against other
> attackers.
>
> But no good deed ever goes unpunished. Periodically someone stumbles
> across that press release and reveals it as though it were some
> secret revelation. There was a PR problem in the Swedish press,
> and more recently when it was cited in a European Commission report
> on Echelon.
>
> --Charlie Kaufman
>
I concur with Charlie. It was announced at the conference,
and the press release was posted, and the issue discussed
to death on cypherpunks. It led me to coin the
term 'espionage enabled' to describe this class of
weakened security (this was before I came to work for my
current employer).
I've been slightly bemused by the Swedish government's
claims to have discovered some deep, dark secret. What
it really shows is that government's failure to do
due diligence.
Peter Trei
[EMAIL PROTECTED]
Disclaimer: I am not speaking for my employer.
