From: Charlie Kaufman/Iris <Charlie_Kaufman/Iris.IRIS@iris.com>
To: bglassle <bglassle@kaiwan.com>
Message Hash: 355a6752b51de74718ae3c979c41ed8af1832bd5302a1a50ea0aa051243c39f1
Message ID: <9511102035.AA6927@moe.iris.com>
Reply To: N/A
UTC Datetime: 1995-11-10 16:59:09 UTC
Raw Date: Sat, 11 Nov 1995 00:59:09 +0800
From: Charlie Kaufman/Iris <Charlie_Kaufman/Iris.IRIS@iris.com>
Date: Sat, 11 Nov 1995 00:59:09 +0800
To: bglassle <bglassle@kaiwan.com>
Subject: Re: Lotus Notes RSA Implementation Question
Message-ID: <9511102035.AA6927@moe.iris.com>
MIME-Version: 1.0
Content-Type: text/plain
>If anyone on the list has knowledge of the following items, I would be
>very gratefull.
>
>1) What is the key size used by the USA licensed version?
>
Notes V3 (the one currently deployed) uses 512 bit RSA keys in both the USA
and exportable versions. Notes V4 (currently in Beta) uses 512 bit RSA keys for
encryption in the exportable version and bigger keys for signatures in all
versions and for encryption in the USA version. I'm not sure I'm allowed to say
what the key size will be ahead of the product shipping.
>2) Considering RC4 is a proprietary scheme, have there been any
>concerted efforts to validate it's strength or lack of? If so, could
>you give a pointer to any documents I could review.
>
There has been considerable discussion of the security of RC4 on this list, and
some subtle (i.e. worrisome but not disasterous) weaknesses have been
found. Lotus Notes' use of RC4 is not subject to the weaknesses disclosed
to date because it does not encrypt recognizable plaintext with the first few
bytes of the RC4 stream.
>...Bob Glassley
>
--Charlie Kaufman
(charlie_kaufman@iris.com)
Return to November 1995
Return to “Jeff Weinstein <jsw@netscape.com>”