Only NSA can listen, so that's OK
Duncan Campbell 01.06.1999
Export version of Lotus Notes provides trapdoor for NSA.
Giant US software manufacturer Lotus has been lowering the profile of information about how they have installed an NSA-only trapdoor into email and conference systems used by many European governments, including the German Ministry of Defence, the French Ministry of Education and Research and the Ministry of Education in Latvia.
Last week in Brussels, Lotus staged a lavish "Global Government Forum" to try and gain more government customers for its software. They succeeded in striking a new 500,000-user deal with the Russian Ministry of Higher and Professional Education for the development of a new information infrastructure for the Russian education system. Yet another conference, Lotus Eurosphere '99, will be held in Berlin in October. Lotus claims that its systems are inherently more secure than those from its main rival, Microsoft.
However, although details of how the NSA trapdoor works can still be found in some corners of the web (see IBM Redbook, Page 80 [1]), the key technical papers and press releases which reveal how Lotus worked with NSA to build a special trapdoor into the International Edition of Lotus Notes have disappeared from the web.
Visitors to the security pages on Lotus's website [2] are now told that the export version of Lotus Notes uses "a system approved by the US government called "Workgroup Differential" and "encrypt(s) information using 64 bit keys".
The name "Workgroup Differential" is meaningless. The correct title is "Differential Workfactor Cryptography". The "differential workfactor" means that the US National Security Agency can break the code on Lotus Notes private messages 16 million times faster than anyone else.
How "Differential Workfactor Cryptography" works was revealed by Lotus itself three years ago. Although the documents concerned have now disappeared from the web, Telepolis has obtained copies.
In a keynote speech to the RSA Data Security Conference on 17 January 1996, Ray Ozzie, President of Lotus designers Iris Associates, revealed how Lotus had come to terms with American government export controls, which prohibited the export of cryptographic systems with a key length over 40 bits.
He told them that no one regarded this as secure:
Lotus's answer was a system that let NSA easily read foreign users' email, while improving security against other eavesdroppers. In a paper distributed to the RSA conference, Security Project Leader Charles Kaufman explained in detail how the system worked.
When sending email messages, Lotus uses a 64-bit key. But in export editions, 24 bits of the key are broadcast with the message, reducing the effective key length to 40 bits. The 24 bits are encrypted using a public key created by the NSA. This is called the Workfactor Reduction Field. Only NSA can decrypt the information in the Workfactor Reduction Field. Once the key length is reduced to 40 bits, fast modern computers can break the code in seconds or minutes.
In 1996, Kaufman also revealed that Notes had to be weakened even further to prevent users from simply removing the NSA backdoor from being sent along with their messages. To prevent foreign users tampering with the workfactor reduction field, the International Edition of Lotus Notes will refuse to decipher any message which does not contain the correct field. To check this means that the entire key to the message has to be transmitted in the message. The recipient's software then checks that the workfactor reduction field is present and correct. The fact that the full key is sent along with the message creates the possibility of a second backdoor, reducing further.
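The scheme described above, as an added example that is not part of the original article and is not Lotus's code: 24 key bits travel in a field encrypted to an escrow public key, so the holder of the private key searches only the remaining bits. Assumptions: the escrow key pair is toy textbook RSA, the cipher is a SHA-256 keystream stand-in, the demo key is 40 bits rather than 64 so the search finishes instantly, the searcher knows a plaintext prefix, and all function names are hypothetical.

```python
import hashlib

ESCROW_BITS = 24                     # key bits placed in the workfactor reduction field (article)
KEY_BITS = 40                        # demo size (assumption); the article's key is 64 bits
SEARCH_BITS = KEY_BITS - ESCROW_BITS # bits the escrow holder still has to search

# Toy escrow key pair: textbook RSA over two Mersenne primes (constructed, insecure).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def xor_cipher(key: int, data: bytes) -> bytes:
    """SHA-256 keystream XOR: a stand-in cipher, not the one Notes used."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def send(key: int, plaintext: bytes):
    """Return (ciphertext, workfactor reduction field) for one message."""
    return xor_cipher(key, plaintext), pow(key >> SEARCH_BITS, E, N)

def field_is_valid(key: int, field: int) -> bool:
    """Recipient-side check that the field is present and matches the message key."""
    return field == pow(key >> SEARCH_BITS, E, N)

def escrow_holder_recover(ciphertext: bytes, field: int, crib: bytes):
    """Decrypt the field with D, then try only the remaining key bits."""
    top = pow(field, D, N)
    for low in range(1 << SEARCH_BITS):
        key = (top << SEARCH_BITS) | low
        if xor_cipher(key, ciphertext[:len(crib)]) == crib:
            return key, low + 1      # recovered key, number of trial decryptions
    return None, 1 << SEARCH_BITS

def workfactor(key_bits: int = 64, escrow_bits: int = 24):
    """Worst-case trial counts: (outsider, escrow holder, ratio between them)."""
    return 2**key_bits, 2**(key_bits - escrow_bits), 2**escrow_bits

if __name__ == "__main__":
    key = 0xABCDEF1234               # constructed 40-bit message key
    ct, field = send(key, b"Subject: constructed sample message")
    print(field_is_valid(key, field), escrow_holder_recover(ct, field, b"Subject:"))
    print(workfactor())
```

With the article's sizes, `workfactor()` gives a ratio of 2^24 = 16,777,216, which is the "16 million times faster" figure quoted earlier.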
Since the row in Sweden, both Lotus and RSA have removed the 1996 papers from their websites. Another Lotus employee claimed "we haven't weakened the security of international encryption, but actually made it equal to the US security (to everyone but the NSA). We are proud of this arrangement" (our emphasis).
Only Americans could think that this was an advantage for the Lotus system. From the European perspective, the greatest threat may be economic and political espionage by NSA. With Lotus bent on increasing its markets in Europe, there must be serious questions about whether users are being told the whole truth about security.
Appendix: Links
Article URL: http://www.heise.de/tp/artikel/2/2898/1.html
Copyright Telepolis, Heise Zeitschriften Verlag