Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_1

Bugtraq archives for 1st quarter (Jan-Mar) 1995: Re: Lotus Notes Encryption Strategies

Re: Lotus Notes Encryption Strategies

Adam Shostack (adambwh.harvard.edu)
Tue, 14 Mar 1995 16:56:12 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dr. Frederick B. Cohen: "MIME encoding in Web browser forms"
Previous message: Perry E. Metzger: "Re: Lotus Notes Encryption Strategies"
In reply to: Software Test Account: "Lotus Notes Encryption Strategies"
Next in thread: Paul C Leyland: "Re: Lotus Notes Encryption Strategies"

| I have been looking at the methods used by Lotus Notes to do encryption on
| its mail transfers.  It seems to use RC4 (Rivest Cipher) for domestic
| communications and RC2 for international communications.
| 
| In the tech notes that I have, it would seemt that RC2 uses a 128bit key and
| RC4 uses a 256bit key.
| 
| Both these keys seem rather small in comparison to something like PGP's
| 1028bit key.

	A more pressing concern is the overall security of the rc2 or
rc4 cipher.  rc4 was not published until recently.  That prevented any
academic cryptanalysis of rc4.  As such, it should be considered a new
cipher, and not trusted until it has been extensively investigated by
professionals.

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
						       -Hume

Next message: Dr. Frederick B. Cohen: "MIME encoding in Web browser forms"
Previous message: Perry E. Metzger: "Re: Lotus Notes Encryption Strategies"
In reply to: Software Test Account: "Lotus Notes Encryption Strategies"
Next in thread: Paul C Leyland: "Re: Lotus Notes Encryption Strategies"