[1258] in bugtraq
Re: Lotus Notes Encryption Strategies
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Mar 14 18:34:28 1995
To: Software Test Account <softtest@wu1.wl.aecl.ca>
Cc: bugtraq@fc.net
In-Reply-To: Your message of "Tue, 14 Mar 1995 13:46:23 CST."
<Pine.3.88.9503141327.A16394-0100000@wu1.wl.aecl.ca>
Reply-To: perry@imsi.com
Date: Tue, 14 Mar 1995 17:00:01 -0500
From: "Perry E. Metzger" <perry@imsi.com>
Software Test Account says:
>
> I have been looking at the methods used by Lotus Notes to do encryption on
> its mail transfers. It seems to use RC4 (Rivest Cipher) for domestic
> communications and RC2 for international communications.
No, it just uses RC4 for both and uses 40 bit keys for international work.
> In the tech notes that I have, it would seemt that RC2 uses a 128bit key and
> RC4 uses a 256bit key.
>
> Both these keys seem rather small in comparison to something like PGP's
> 1028bit key.
>
> Is this a valid concern/criticism?
No, because the key lengths between the methods are not commensurate.
.pm
