[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Lotus Notes RSA Implementation Question

>If anyone on the list has knowledge of the following items, I would be
>very gratefull.
>1)  What is the key size used by the USA licensed version?
Notes V3 (the one currently deployed) uses 512 bit RSA keys in both the USA
and exportable versions. Notes V4 (currently in Beta) uses 512 bit RSA keys for
encryption in the exportable version and bigger keys for signatures in all
versions and for encryption in the USA version. I'm not sure I'm allowed to say
what the key size will be ahead of the product shipping.

>2)  Considering RC4 is a proprietary scheme, have there been any
>concerted efforts to validate it's strength or lack of?  If so, could
>you give a pointer to any documents I could review.
There has been considerable discussion of the security of RC4 on this list, and
some subtle (i.e. worrisome but not disasterous) weaknesses have been
found. Lotus Notes' use of RC4 is not subject to the weaknesses disclosed
to date because it does not encrypt recognizable plaintext with the first few
bytes of the RC4 stream.

>...Bob Glassley

 --Charlie Kaufman
 ([email protected])