[1263] in bugtraq


Re: Lotus Notes Encryption Strategies

daemon@ATHENA.MIT.EDU (Paul C Leyland)
Wed Mar 15 06:55:49 1995

Date: Wed, 15 Mar 1995 09:16:32 GMT
From: pcl@foo.oucs.ox.ac.uk (Paul C Leyland)
To: bugtraq@fc.net

| I have been looking at the methods used by Lotus Notes to do encryption on
| its mail transfers.  It seems to use RC4 (Rivest Cipher) for domestic
| communications and RC2 for international communications.
| 
| In the tech notes that I have, it would seem that RC2 uses a 128bit key and
| RC4 uses a 256bit key.
| 
| Both these keys seem rather small in comparison to something like PGP's
| 1028bit key.

There is an excellent reason for this.   PGP's "1028bit key" (in
reality anything up to 2048 bits) is for its RSA component.  The bulk
encryption in PGP is by the IDEA algorithm which has a 128 bit key.

The reason that RSA needs much larger keys than IDEA for an equal
security against the best known attacks is that the attacks on RSA are
*much* better than searching the entire key space.  As far as anyone
is prepared to say in public, no better method of attacking IDEA is
known.  I've estimated that key search on IDEA is about as hard as
factoring an RSA modulus of 3000-3500 bits, in both cases using the
best known algorithms.

To misuse an old saying: size isn't important, it's how you use it.

For instance: simple monoalphabetic substitution over the alphabet A-Z
has 26! different keys.  This number is 403291461126605635584000000,
or an 88+ bit key space.  Despite this, monoalphabetic substitution is
nowhere near as strong as DES which "only" has 56 bits of keyspace.

> 	A more pressing concern is the overall security of the rc2 or
> rc4 cipher.  rc4 was not published until recently.  That prevented any
> academic cryptanalysis of rc4.  As such, it should be considered a new
> cipher, and not trusted until it has been extensively investigated by
> professionals.

This is, indeed, a more important point (IMAO).  Ron has a good track
record and rc4 is probably pretty good but it needs stringent testing
before we can assess how much confidence we should place in it.



Paul
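
Added example, not part of the original post: a Python check of the 26! figure above, showing that every substitution key leaves the plaintext's letter-frequency profile and index of coincidence unchanged, which is why the 88-bit key space buys so little. The sample text, seed and function names are constructed for illustration.

```python
import math
import random
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
# Constructed sample plaintext (not from the post).
SAMPLE = ("SIZE IS NOT IMPORTANT IT IS HOW YOU USE IT AND A CIPHER WITH A "
          "HUGE KEY SPACE CAN STILL LEAK THE STRUCTURE OF THE MESSAGE")

def substitution_keys() -> int:
    """Number of monoalphabetic substitution keys over A-Z: 26!."""
    return math.factorial(len(ALPHABET))

def keyspace_bits(n_keys: int) -> float:
    """Size of a key space expressed in bits."""
    return math.log2(n_keys)

def random_key(rng: random.Random) -> dict:
    """Pick one of the 26! permutations of the alphabet."""
    shuffled = list(ALPHABET)
    rng.shuffle(shuffled)
    return dict(zip(ALPHABET, shuffled))

def encrypt(plaintext: str, key: dict) -> str:
    """Substitute letters; spaces and punctuation pass through."""
    return "".join(key.get(ch, ch) for ch in plaintext.upper())

def letter_counts(text: str) -> Counter:
    return Counter(ch for ch in text if ch in ALPHABET)

def frequency_profile(text: str) -> list:
    """Letter counts sorted high to low, ignoring which letter has which count."""
    return sorted(letter_counts(text).values(), reverse=True)

def index_of_coincidence(text: str) -> float:
    counts = letter_counts(text)
    n = sum(counts.values())
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))

def keys_that_leak(trials: int = 1000, seed: int = 1995) -> int:
    """Count random keys whose ciphertext keeps the plaintext's statistics."""
    rng = random.Random(seed)
    profile, ic = frequency_profile(SAMPLE), index_of_coincidence(SAMPLE)
    leaked = 0
    for _ in range(trials):
        ct = encrypt(SAMPLE, random_key(rng))
        leaked += frequency_profile(ct) == profile and index_of_coincidence(ct) == ic
    return leaked

if __name__ == "__main__":
    print(f"26! = {substitution_keys()} ({keyspace_bits(substitution_keys()):.2f} bits)")
    print(f"keys preserving plaintext statistics: {keys_that_leak()} of 1000")
```

The statistics survive under every key tried, so an analyst never has to search the key space at all; a cipher such as DES gives no comparable shortcut despite its smaller key.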
