Vulnerability Development: Re: BackOrifice == DDoS Server???

From: Bluefish <11a_at_GMX.NET>
Date: Sat, 1 Jul 2000 13:58:32 +0200

> Didn't bo2k implement an IDEA crypto module? I thought the lame crypto
> packages were only included due to US export restrictions at the time of
> the release.

1. the keys are derived from a password (this is considered rather weak
   by most cryptographers).
2. at least two BO2K plugins did so using a broken MD5 implementation.
   this was however fixed.

The MD5 bug obviously made the ciphers insecure no matter what algorithm
the MD5-generated key was used with. If people are overly interested I
could try to find some old emails regarding which plugins have had this
problem; I don't have them available at the moment.

This "lame crypto" isn't due to US standards, it was a direct flaw in the
plugins. As far as I know, NSA wants things to be 40 - 56 bits secret so
they can easily decode it, and not others. The flaw in the original BO2K
plugins made it far weaker.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team
Received on Jul 01 2000
