Why did intelligence backdoors get into IBM groupware?


by

EFF Photos

IBM's Lotus-Notes is a client-server groupware that can perform e-mail, schedule management, document sharing, etc. In fact, this Lotus-Notes was once backdoored by the US National Security Agency (NSA). Adam Back , a cryptographer who discovered the backdoor in 2002, explains the contents of the backdoor by the NSA.

NSA Backdoor Key from Lotus-Notes
http://www.cypherspace.org/adam/hacks/lotus-nsa-key.html


Mr. Buck discovered by reverse engineering that an export version of Lotus-Notes released before 2000 had a backdoor containing a key escrow called `` differential cryptography ''. did.


by

Jens-Christian Fischer

Of the 64-bit RSA encryption used in the exported version of Lotus-Notes, 24 bits are encrypted with the public key of the NSA, and the NSA analyzes the remaining 40 bits with a brute force attack. , You will be able to access Lotus-Notes data.

Of course, without knowing the NSA's secret key, a malicious attacker would not be able to crack Lotus-Notes. Even if you get the 24-bit public key of the NSA, you will need considerable computing power to guess the secret key from it and then analyze the remaining 40 bits with brute force attack . Mr. Buck speculated that 'at that time, the NSA probably already had the computing power to analyze a 40-bit cipher brute force.'

Regarding the reason why the backdoor by the NSA was put into Lotus-Notes, Mr. Bakk said, `` It is considered that Lotus-Notes export was permitted provided that some of the encryption uses the NSA's public key. '

In the United States, the export of hardware and software using cryptography was severely restricted since World War II. Mr. Buck speculates that exporting Lotus-Notes abroad would require a rigorous review, and he would have been required to provide a backdoor for the NSA in exchange for a license.


by

Ryan Somma

Later, as the Internet became widespread and the e-commerce market grew, strong cryptography needed for commercial use on a global scale became necessary, and calls for relaxation of export restrictions on cryptography increased. And according to a presidential decree issued during the Clinton administration in 1996, it is said that `` export control of software as 'technology' is not appropriate '', and in the United States in 2000, many export restrictions on software were finally lifted. it was done.

In addition, Mr. Buck found that the organization name of the public key was ' MiniTruth ' and the common name was ' Big Brother '. MiniTruth is a governmental organization dedicated to propaganda that appeared in George Orwell's 1949 dystopian science fiction novel 1984, and Big Brother is the name of a dictator in the novel. 'I was very creepy when I found this name late in the debugger,' says Buck.


by Thomas Galvez

in Software,   Security, Posted by log1i_yk