Why the hell would anyone use lotus notes encryption for anything whatsoever?
On Fri, Oct 11, 2002 at 09:37:52AM -0400, Tyler Durden wrote: > OK, let's assume for the same of argument that it takes about 1 minute for > Echelon/NSA-like resources to break a weakly encypted lotus notes message. > And then let's assume that there's a whole LOT of these machines sitting > somewhere. > > And as the grumpy Tim May has suggested, perhaps only a small fraction of > encrypted messages are (or can be) sent for decryption. > > Then the expenditure of such resources is going to be a big statistical > optimization problem, akin to that faced in the credit card industry (eg, > in approving or declining a POS transaction). > > The gub'mint or whatever doing such monitoring will therefore probably look > for certain signs that will kick off decryption. For instance, the sporadic > use of cryptography in cetain demogrpahic areas might cause a % of those to > be sent over for routine check, particularly if there is no encryption used > by that populace, and then all of a sudden there are bursts. > > Also, changing the strength of encryption might be a kickoff, but again I > reveal I am a newbie with this question: Is it possible to determine (at > least approximately) the strength of encryption of an intercepted message? > > Then, if someone from, say, the b'Arbes neighborhood of Paris moves > suddenly from weak to strong encryption in his messaging, that would kick > off a flag somewhere sending that message for cracking. > > So if a bin Laden were smart, he should routinely use encryption for all of > his messages, even the most trivial, because the change in pattern would be > a tipoff to send his encrypted messages for hacking. > > And the there are probably less obvious, large-scale statistical patterns > indicating something's up, and causing a % of such messages to be hacked > and then sent for routine check for key words. > > > > > > >From: Adam Back <[EMAIL PROTECTED]> > >To: Tyler Durden <[EMAIL PROTECTED]> > >CC: [EMAIL PROTECTED], [EMAIL PROTECTED] > >Subject: Re: Echelon-like... > >Date: Thu, 10 Oct 2002 20:41:21 +0100 > > > >Sounds about right. 64 bit crypto in the "strong" version (which is > >not that strong -- the distributed.net challenge recently broke a 64 > >bit key), and in the export version 24 of those 64 bits were encrypted > >with an NSA backdoor key, leaving only 40 bits of key space for the > >NSA to bruteforce to recover messages. > > > >The NSA's backdoor public key is at the URL below. > > > > http://www.cypherspace.org/~adam/hacks/lotus-nsa-key.html > > > >(The public key had an Organization name of "MiniTruth", and a Common > >Name of "Big Brother" -- both Orwell "1984" references, presumably by > >a lotus programmer). > > > >Adam > > > >On Thu, Oct 10, 2002 at 02:34:38PM -0400, Tyler Durden wrote: > >> "I assume everyone knows the little arrangement that lotus > >> reached with the NSA over its encrypted secure email?" > >> > >> I'm new here, so do tell if I am wrong. Are you referring to the two > >levels > >> of Encryption available in Bogus Notes? (ie, the North American and the > >> International, the International being "legal for export".) > >> At one of my previous employers, we were told the (apocryphal?) story of > >> some dude who got arrested on an airplane for having the more secure > >version > >> of Notes on his laptop. > >> > >> > >> > >> >From: "David Howe" <[EMAIL PROTECTED]> > >> >To: "Email List: Cypherpunks" <[EMAIL PROTECTED]> > >> >Subject: Re: Echelon-like... > >> >Date: Thu, 10 Oct 2002 18:38:36 +0100 > >> > > >> >On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote: > >> > > The basic argument is that, if good encryption is available overseas > >> > > or easily downloadable, it doesn't make sense to make export of it > >> > > illegal. > >> >Nope. The biggest name in software right now is Microsoft, who wasn't > >> >willing to face down the government on this. no export version of a > >> >Microsoft product had decent crypto while the export regulations were > >in > >> >force - and the situation is pretty poor even now. If microsoft were > >> >free to compete in this area (and lotus, of notes fame) then decent > >> >security *built into* the operating system, the desktop document suite > >> >or the email package - and life would get a lot, lot worse for the > >> >spooks. I assume everyone knows the little arrangement that lotus > >> >reached with the NSA over its encrypted secure email? > > > > > _________________________________________________________________ > MSN Photos is the easiest way to share and print your photos: > http://photos.msn.com/support/worldwide.aspx -- Harmon Seaver CyberShamanix http://www.cybershamanix.com "War is just a racket ... something that is not what it seems to the majority of people. Only a small group knows what its about. It is conducted for the benefit of the very few at the expense of the masses." --- Major General Smedley Butler, 1933 "Our overriding purpose, from the beginning through to the present day, has been world domination - that is, to build and maintain the capacity to coerce everybody else on the planet: nonviolently, if possible, and violently, if necessary. But the purpose of US foreign policy of domination is not just to make the rest of the world jump through hoops; the purpose is to faciliate our exploitation of resources." - Ramsey Clark, former US Attorney General