[1260] in bugtraq

Re: Lotus Notes Encryption Strategies

daemon@ATHENA.MIT.EDU (Adam Shostack)
Tue Mar 14 18:47:20 1995

From: Adam Shostack <adam@bwh.harvard.edu>
To: softtest@wu1.wl.aecl.ca (Software Test Account)
Date: Tue, 14 Mar 1995 16:56:12 -0500 (EST)
Cc: swaits@pr.erau.edu, jmb@kryten.Atinc.COM, mjb@sophos.com, bugtraq@fc.net
In-Reply-To: <Pine.3.88.9503141327.A16394-0100000@wu1.wl.aecl.ca> from "Software Test Account" at Mar 14, 95 01:46:23 pm


| I have been looking at the methods used by Lotus Notes to do encryption on
| its mail transfers.  It seems to use RC4 (Rivest Cipher) for domestic
| communications and RC2 for international communications.
| 
| In the tech notes that I have, it would seem that RC2 uses a 128bit key and
| RC4 uses a 256bit key.
| 
| Both these keys seem rather small in comparison to something like PGP's
| 1028bit key.

	A more pressing concern is the overall security of the rc2 or
rc4 cipher.  rc4 was not published until recently.  That prevented any
academic cryptanalysis of rc4.  As such, it should be considered a new
cipher, and not trusted until it has been extensively investigated by
professionals.

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
						       -Hume
