[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Lotus Notes RSA Implementation Question

To: [email protected]
Subject: Re: Lotus Notes RSA Implementation Question
From: Jeff Weinstein <[email protected]>
Date: Sat, 11 Nov 1995 14:19:51 -0800
Newsgroups: mcom.list.cypherpunks
Organization: Netscape Communications Corporation
References: <[email protected]> <[email protected]>
Sender: [email protected]

Bob Glassley wrote:
> >>2)  Considering RC4 is a proprietary scheme, have there been any
> >>concerted efforts to validate it's strength or lack of?  If so, could
> >>you give a pointer to any documents I could review.
> >>
> >There has been considerable discussion of the security of RC4 on this list, and
> >some subtle (i.e. worrisome but not disasterous) weaknesses have been
> >found. Lotus Notes' use of RC4 is not subject to the weaknesses disclosed
> >to date because it does not encrypt recognizable plaintext with the first few
> >bytes of the RC4 stream.
> 
> My understanding was that the problems exposed with RC4 that you
> mentioned, were with the particular implemenation by Netscape.  I
> guess I better go back to the archive and do some reading. :-)

Some RC4 keys that begin with specific values make it somewhat easier to
guess the first few bytes of the encrypted data.  This is a (probably
minor) weakness of RC4, and is in no way specific to Netscape.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

References:
- Re: Lotus Notes RSA Implementation Question
  - From: Charlie Kaufman/Iris <Charlie_Kaufman/[email protected]>
- Re: Lotus Notes RSA Implementation Question
  - From: [email protected] (Bob Glassley)

Prev by Date: Re: DejaNews all over again
Next by Date: FBI Computer Chief
Prev by thread: Re: Lotus Notes RSA Implementation Question
Next by thread: Re: Lotus Notes RSA Implementation Question
Index(es):
- Date
- Thread