NSA Backdoor Key from Lotus-Notes (1997)
This page has also been translated into Russian hereand into Polish here. Before the US crypto export regulations were finally disolved the export version of Lotus Notes used to include a key escrow / backdoor feature called differential cryptography. The idea was that they got permission to export 64 bit crypto if 24 of those bits were encrypted for the NSA's public key. The NSA would then only have the small matter of brute-forcing the remaining 40 bits to get the plaintext, and everyone else would get a not-that-great 64 bit key space. Anyway as clearly inside the application somewhere would be an NSA public key that the NSA had the private key for, I tried reverse engineering it to get the public key. In doing this I discovered that the NSA public key had an organizational name of "MiniTruth", and a common name of "Big Brother". I figured it was in little endian format by trial and error; other formats were easy to factor.