1995-11-14 - Re: Lotus Notes RSA Implementation Question

Header Data

From: Jeff Weinstein <jsw@netscape.com>
To: cypherpunks@toad.com
Message Hash: d55023932ebbc01d65837ac9b668b65c37fe6b9a141f0feb2e03eb8b4bcf627b
Message ID: <30A52187.44EB@netscape.com>
Reply To: <9511102035.AA6927@moe.iris.com>
UTC Datetime: 1995-11-14 00:00:34 UTC
Raw Date: Tue, 14 Nov 1995 08:00:34 +0800

Raw message

From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 14 Nov 1995 08:00:34 +0800
To: cypherpunks@toad.com
Subject: Re: Lotus Notes RSA Implementation Question
In-Reply-To: <9511102035.AA6927@moe.iris.com>
Message-ID: <30A52187.44EB@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Bob Glassley wrote:
> >>2)  Considering RC4 is a proprietary scheme, have there been any
> >>concerted efforts to validate its strength or lack of?  If so, could
> >>you give a pointer to any documents I could review.
> >>
> >There has been considerable discussion of the security of RC4 on this list, and
> >some subtle (i.e. worrisome but not disastrous) weaknesses have been
> >found. Lotus Notes' use of RC4 is not subject to the weaknesses disclosed
> >to date because it does not encrypt recognizable plaintext with the first few
> >bytes of the RC4 stream.
> 
> My understanding was that the problems exposed with RC4 that you
> mentioned, were with the particular implementation by Netscape.  I
> guess I better go back to the archive and do some reading. :-)

Some RC4 keys that begin with specific values make it somewhat easier to
guess the first few bytes of the encrypted data.  This is a (probably
minor) weakness of RC4, and is in no way specific to Netscape.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
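
Added example, not part of the message above or of any participant's code: a measurement of one key class that fits the description in the thread, under the assumption that this is the kind of weakness meant. For keys whose first two bytes sum to 0 mod 256, the first keystream byte equals key[2] + 3 far more often than chance, and the correlation is gone once the early keystream is skipped, which is the property the quoted Notes reply relies on. The helper names, the 16-byte key length and the seed are choices made for this example.

```python
import random

def rc4_keystream(key, n):
    """First n RC4 keystream bytes for `key` (standard KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = []
    i = j = 0
    for _ in range(n):                        # output generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return out

def make_key(rng, weak, length=16):
    """Constructed random key; if `weak`, force key[0] + key[1] == 0 mod 256."""
    key = [rng.randrange(256) for _ in range(length)]
    if weak:
        key[1] = (-key[0]) & 0xFF
    return key

def hit_rate(weak, offset, trials=4000, seed=1995):
    """Fraction of keys whose keystream byte at `offset` equals key[2] + 3 mod 256.

    offset=0 is the first byte; a larger offset models a protocol that never
    exposes the early keystream to known plaintext.
    """
    rng = random.Random(seed)                 # fixed seed: repeatable measurement
    hits = 0
    for _ in range(trials):
        key = make_key(rng, weak)
        guess = (key[2] + 3) & 0xFF
        if rc4_keystream(key, offset + 1)[offset] == guess:
            hits += 1
    return hits / trials

if __name__ == "__main__":
    print("weak keys,   first byte :", hit_rate(True, 0))
    print("random keys, first byte :", hit_rate(False, 0))
    print("weak keys,   byte 257   :", hit_rate(True, 256))
    print("chance level            :", 1 / 256)
```

The first rate is the one to compare against the chance level of 1/256; the other two stay near that level.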




