
Re: Lotus Notes RSA Implementation Question



>If anyone on the list has knowledge of the following items, I would be
>very grateful.
>
>1)  What is the key size used by the USA licensed version?
>
Notes V3 (the one currently deployed) uses 512 bit RSA keys in both the USA
and exportable versions. Notes V4 (currently in Beta) uses 512 bit RSA keys for
encryption in the exportable version and bigger keys for signatures in all
versions and for encryption in the USA version. I'm not sure I'm allowed to say
what the key size will be ahead of the product shipping.

>2)  Considering RC4 is a proprietary scheme, have there been any
>concerted efforts to validate its strength or lack of?  If so, could
>you give a pointer to any documents I could review.
>
There has been considerable discussion of the security of RC4 on this list, and
some subtle (i.e. worrisome but not disastrous) weaknesses have been
found. Lotus Notes' use of RC4 is not subject to the weaknesses disclosed
to date because it does not encrypt recognizable plaintext with the first few
bytes of the RC4 stream.

>...Bob Glassley
>

 --Charlie Kaufman
 ([email protected])
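
Added example, not part of the message above and not Lotus code: a minimal RC4 showing why it matters whether recognizable plaintext is encrypted with the first keystream bytes. The message does not say how Notes avoids this; discarding the first `DROP_N` bytes is an assumed mechanism for illustration, and the key, header text and `DROP_N` value are constructed.

```python
# Added illustration. DROP_N, KEY and MSG are constructed demo values,
# not Lotus Notes parameters.

def rc4_keystream(key: bytes, length: int, drop: int = 0) -> bytes:
    """Return `length` RC4 keystream bytes after discarding the first `drop`."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key-scheduling algorithm (KSA)
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA)
    out = bytearray()
    i = j = 0
    for n in range(drop + length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        if n >= drop:  # bytes before `drop` are generated but never used
            out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def rc4_crypt(key: bytes, data: bytes, drop: int = 0) -> bytes:
    """Encrypt or decrypt (same operation) with an optional keystream discard."""
    return xor(data, rc4_keystream(key, len(data), drop))

DROP_N = 256                       # assumed discard length for the demo
KEY = b"constructed-demo-key"
KNOWN = b"From: "                  # recognizable text at the start of a message
MSG = KNOWN + b"alice\r\nSubject: constructed sample\r\n"

def demo() -> dict:
    first = rc4_keystream(KEY, len(KNOWN))
    plain_ct = rc4_crypt(KEY, MSG)
    drop_ct = rc4_crypt(KEY, MSG, DROP_N)
    return {
        # Known leading plaintext XOR ciphertext equals the first keystream bytes.
        "initial_keystream_exposed": xor(plain_ct, KNOWN) == first,
        # With the discard, the same known text only exposes later keystream.
        "initial_keystream_exposed_with_drop": xor(drop_ct, KNOWN) == first,
        "roundtrip_ok": rc4_crypt(KEY, drop_ct, DROP_N) == MSG,
    }

if __name__ == "__main__":
    print(demo())
```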