Sounds about right. 64 bit crypto in the "strong" version (which is
not that strong -- the distributed.net challenge recently broke a 64
bit key), and in the export version 24 of those 64 bits were encrypted
with an NSA backdoor key, leaving only 40 bits of key space for the
NSA to bruteforce to recover messages.
The NSA's backdoor public key is at the URL below.
http://www.cypherspace.org/~adam/hacks/lotus-nsa-key.html
(The public key had an Organization name of "MiniTruth", and a Common
Name of "Big Brother" -- both Orwell "1984" references, presumably by
a lotus programmer).
Adam
On Thu, Oct 10, 2002 at 02:34:38PM -0400, Tyler Durden wrote:
> "I assume everyone knows the little arrangement that lotus
> reached with the NSA over its encrypted secure email?"
>
> I'm new here, so do tell if I am wrong. Are you referring to the two levels
> of Encryption available in Bogus Notes? (ie, the North American and the
> International, the International being "legal for export".)
> At one of my previous employers, we were told the (apocryphal?) story of
> some dude who got arrested on an airplane for having the more secure version
> of Notes on his laptop.
>
>
>
> >From: "David Howe" <[EMAIL PROTECTED]>
> >To: "Email List: Cypherpunks" <[EMAIL PROTECTED]>
> >Subject: Re: Echelon-like...
> >Date: Thu, 10 Oct 2002 18:38:36 +0100
> >
> >On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote:
> > > The basic argument is that, if good encryption is available overseas
> > > or easily downloadable, it doesn't make sense to make export of it
> > > illegal.
> >Nope. The biggest name in software right now is Microsoft, who wasn't
> >willing to face down the government on this. no export version of a
> >Microsoft product had decent crypto while the export regulations were in
> >force - and the situation is pretty poor even now. If microsoft were
> >free to compete in this area (and lotus, of notes fame) then decent
> >security *built into* the operating system, the desktop document suite
> >or the email package - and life would get a lot, lot worse for the
> >spooks. I assume everyone knows the little arrangement that lotus
> >reached with the NSA over its encrypted secure email?
