Bugtraq mailing list archives

Re: Lotus Notes Encryption Strategies

From: adam () bwh harvard edu (Adam Shostack)
Date: Tue, 14 Mar 1995 16:56:12 -0500 (EST)


| I have been looking at the methods used by Lotus Notes to do encryption on
| its mail transfers.  It seems to use RC4 (Rivest Cipher) for domestic
| communications and RC2 for international communications.
| 
| In the tech notes that I have, it would seemt that RC2 uses a 128bit key and
| RC4 uses a 256bit key.
| 
| Both these keys seem rather small in comparison to something like PGP's
| 1028bit key.

        A more pressing concern is the overall security of the rc2 or
rc4 cipher.  rc4 was not published until recently.  That prevented any
academic cryptanalysis of rc4.  As such, it should be considered a new
cipher, and not trusted until it has been extensively investigated by
professionals.

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume

Current thread:

Lotus Notes Encryption Strategies Software Test Account (Mar 14)
- Re: Lotus Notes Encryption Strategies Ollivier Robert (Mar 14)
- Re: Lotus Notes Encryption Strategies Adam Shostack (Mar 14)
- Re: Lotus Notes Encryption Strategies Perry E. Metzger (Mar 14)
- MIME encoding in Web browser forms Dr. Frederick B. Cohen (Mar 14)
- <Possible follow-ups>
- Re: Lotus Notes Encryption Strategies Paul C Leyland (Mar 15)