[iwar] Crypto Rumour?

From: Tony Bartoletti
From: azb@llnl.gov
To: iwar@egroups.com
Mon, 19 Jun 2000 11:10:28 -0700
Messages sorted by: [ date ][ subject ][ author ][ recipient ]
Next message: From: To: "[iwar] Bill Wade/HDQ/WSP is out of the office."
Previous message: From: Fred Cohen To: "[iwar] News"
fc  Mon Jun 19 11:05:14 2000
Received: from 207.222.214.225
	by localhost with POP3 (fetchmail-5.1.0)
	for fc@localhost (single-drop); Mon, 19 Jun 2000 11:05:14 -0700 (PDT)
Received: by multi33.netcomi.com for fc
 (with Netcom Interactive pop3d (v1.21.1 1998/05/07) Mon Jun 19 18:05:10 2000)
X-From_: sentto-279987-416-961437904-fc=all.net@returns.onelist.com  Mon Jun 19 13:05:01 2000
Received: from fg.egroups.com (fg.egroups.com [208.50.144.70]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id NAA14671 for ; Mon, 19 Jun 2000 13:05:01 -0500
X-eGroups-Return: sentto-279987-416-961437904-fc=all.net@returns.onelist.com
Received: from [10.1.10.37] by fg.egroups.com with NNFMP; 19 Jun 2000 18:05:04 -0000
Received: (qmail 24506 invoked from network); 19 Jun 2000 18:05:03 -0000
Received: from unknown (10.1.10.26) by m3.onelist.org with QMQP; 19 Jun 2000 18:05:03 -0000
Received: from unknown (HELO poptop.llnl.gov) (128.115.41.70) by mta1 with SMTP; 19 Jun 2000 18:05:03 -0000
Received: from catalyst (catalyst.llnl.gov [128.115.222.68]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with ESMTP id LAA25787 for ; Mon, 19 Jun 2000 11:04:59 -0700 (PDT)
Message-Id: <4.2.2.20000619105952.00aa93c0@poptop.llnl.gov>
X-Sender: e048786@poptop.llnl.gov
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 
To: iwar@egroups.com
From: Tony Bartoletti 
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Mon, 19 Jun 2000 11:10:28 -0700
Reply-To: iwar@egroups.com
Subject: [iwar] Crypto Rumour?
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit


This is from a thread on the IETF/PKIX mailing list.
Anyone care to comment (confirm/deny/clarify?)
____tony____

=====================================================================

I have heard a rumor that the '128-bit encryption' that Microsoft
is shipping with Windows 2000 has actually been tweaked in such a
way that it is only 128-bit when observed by a non-clued-in person,
but is rather 40-bit for the people who know how it has been designed.

In effect, rumor therefore has it that 88 bits out of the 128 are
set in such a way that it is extremely easy to find them for someone
who knows how. The French are supposed to have found this out, and
they are supposed to have been a little bit upset because of this fact.

I am not sure how much of this is actually the truth. The person
I received this information from might have confused this with the
silent "3DES -> DES" fallback in Windows that has been demonstrated
lately. Can anyone confirm or deny the above rumor?

Anyway. The bottom line is - I think people today are a little bit
crazy to use, and even buy, security software as executables without
any kind of access to the source code. It is plain stupid, and it
gives the country which supplied you with the binaries a perfect
weapon for the information wars that are due to ensue sooner or later.
The world is not all roses all the time. Remember the several-billion-
dollar deal which was lost by the European airplane manufacturer to
Boeing because the USA was eavesdropping on their conversations with
the purchaser?
[Tony: The alleged Echelon Connection]

Iraq, Vatican and several others have learned this lesson when they
bought black-box crypto machines from Crypto AG, only to find out
that the machine transmits the encryption key almost in plaintext
along with the encrypted message. Which, hence, was easily recoverable
by folks from the NSA and from the German intelligence agency.

======================================================================


Tony Bartoletti 925-422-3881 
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900


------------------------------------------------------------------------
Wrox Wireless Developer Conference, Amsterdam, July 10-12. Choose from
40+ technical sessions covering application of WAP, XML, ASP, Java and
C++ to mobile computing. Get your ticket to the future today!
http://click.egroups.com/1/5689/7/_/595019/_/961437904/
------------------------------------------------------------------------

------------------
http://all.net/
Next message: From: To: "[iwar] Bill Wade/HDQ/WSP is out of the office."
Previous message: From: Fred Cohen To: "[iwar] News"