[Evolution] Re: encryption of MAPI

From: James Sutherland <jas88 cam ac uk>
To: Luke Kenneth Casson Leighton <lkcl samba org>
Cc: evolution helixcode com, evolution-hackers helixcode com, Multiple recipients of list <samba-technical samba org>
Subject: [Evolution] Re: encryption of MAPI
Date: Wed, 23 Aug 2000 10:38:49 +0100 (BST)

On Wed, 23 Aug 2000, Luke Kenneth Casson Leighton wrote:

On Tue, 22 Aug 2000, James Sutherland wrote:

On Tue, 22 Aug 2000, Luke Kenneth Casson Leighton wrote:

... is to XOR 0xa5 over the block :)


ROFL! MS certainly seem to like that "encryption" algorithm - API
obfuscation (some of the low-level API calls have the entry point address
XORed with a "magic number"), password encryption for WinCE (with
the string "Pegasus", reversed)... Did they have a hand in CSS? :-)

Just think how much harder life could be if MS actually found themselves a
competent crypto guy...


funnily enough, they do actually have one of the best crypto people
around.

... only recently did they actually start talking to him, though.


ROFL!

but seriously, the purpose of 10100101 is to make cleartext less readable.

for encryption, you use DCE/RPC's NTLMSSP, with sign and seal requested.

MAPI's job is not to encrypt, but to do mail.


OK, if this obfuscation isn't for security, what's it for? The usual, no
doubt - just make it more difficult for people to compete...

NTLMSSP's job is to authenticate, sign and seal.


Bleurgh. Let's hope the final judgement from the Supreme Court (or the EU
case) prohibits MICROS~1 from obfuscating APIs, protocols etc...


James.

Follow-Ups:
- [Evolution] Re: encryption of MAPI
  - From: Luke Kenneth Casson Leighton

References:
- [Evolution] Re: encryption of MAPI
  - From: Luke Kenneth Casson Leighton

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]