--- begin forwarded text
Status: U Date: Tue, 19 Mar 2002 01:30:13 +0000 From: Adam Back <[EMAIL PROTECTED]> To: Cypherpunks <[EMAIL PROTECTED]> Subject: (old note contd.) lotus-notes NSA key as PGP key User-Agent: Mutt/1.2.2i Sender: [EMAIL PROTECTED] I was looking for a file in my collection of archived stuff recently and came across my attempts to reverse engineer the NSA's RSA public key out of lotus notes. I think I never did publicly post the RSA key that I found. So here it is as a PGP key, the name associated with this key in Lotus Notes visible under the debugger was: O=MiniTruth CN=Big Brother where O is X.500 naming for Organization, and CN for Common Name (the key owners name). The PGP key is: Type Bits/KeyID Date User ID pub 760/13629D8D 1998/10/25 Director, NSA <[EMAIL PROTECTED]> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQBsAzYyeuIAAAEC+LuVWM2LaDEM9zoS4x/ES9h74MT+Lri26g9PsGhPlVn2VukS PuF1YHYSw+zFgLznjDOIzyNGhFD7Z85htRGB36BHubgzGLRy/jkpq8qO5RIG/+m4 ma7OpacD79MTYp2NAAIDtB5EaXJlY3RvciwgTlNBIDxkaXJuc2FAbnNhLmdvdj4= =aoSi -----END PGP PUBLIC KEY BLOCK----- It's a 760 bit RSA key with a public exponent of 3. I found it a little odd that it was 760 bits rather than 768 bits, but I think I got the endianness and encoding right as the number is not trivially factorizable (I left a computer running pollard-rho for a few weeks at the time and didn't come up with anything). One possible explanation for 760 bits rather than 768 bits is the 768 bit 32 bit aligned area of memory ended with with a 0 byte, and ASN.1 encoding for big integers is to include a leading 0 if the most significant bit of the number is otherwise a 1 (to prevent it being considered a negative number). I know it's not prime as it fails primality checks, but I think it's fairly unlikely is that a randomly chosen number (if there is a mistake in the reverse engineering or interpretation of the encoding) would be both composite and that hard to factor. More details about the key at: http://www.cypherspace.org/adam/hacks/lotus-nsa-key.html (A quick google shows that this was probably originally reported around Sep 99.) I wonder how many copies of export versions of lotus notes and similarly us export weakened products are still being used unknowingly by users. Adam --- end forwarded text -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]