Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!elroy.jpl.nasa.gov!sdd.hp.com!think.com!barmar
From: barmar@think.com (Barry Margolin)
Newsgroups: comp.org.eff.talk
Subject: Re: Info on Lotus Marketplace
Keywords: Lotus Marketplace Home
Message-ID: <1990Dec1.004022.28619@Think.COM>
Date: 1 Dec 90 00:40:22 GMT
References: <WEX.90Nov30110654@dali.pws.bull.com> <11252@pt.cs.cmu.edu>
Sender: news@Think.COM
Distribution: comp
Organization: Thinking Machines Corporation, Cambridge MA, USA
Lines: 21

In article <11252@pt.cs.cmu.edu> ddean@rain.andrew.cmu.edu (Drew Dean) writes:
>	Also, how secure is "highly encoded" ?  Remember a few years ago the
>"unbreakable" copy protection schemes, which were usually broken either
>before the product was released or within 1 month if it was really hard ?
>Can the NSA invert DES ? [Not to be paranoid, but it's still an open
>question.]  Can someone else invert DES ?  Would encrypting a bunch of
>common names do any good, ala encrypting the dictionary to find Unix
>passwords ?

It shouldn't be necessary to break DES to get at the data on the disk.
Remember, the weakest link in most encryption schemes is the key.  And in
the case of Lotus Marketplace, the key is stored somewhere in the program
that reads the disk.  If the Hypercard stack includes custom XCMDs to
access the disk then they'd be wise to put it in there, but I wouldn't be
too surprised if it's in the Hypercard stack itself.  So, all you need is a
good disassembler to help you find the decryption key.
--
Barry Margolin, Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar