Lotus Notes RSA Implementation Question

Charlie Kaufman/Iris Charlie_Kaufman/Iris.IRIS at iris.com
Fri Nov 10 08:59:09 PST 1995


>If anyone on the list has knowledge of the following items, I would be
>very gratefull.
>
>1)  What is the key size used by the USA licensed version?
>
Notes V3 (the one currently deployed) uses 512 bit RSA keys in both the USA
and exportable versions. Notes V4 (currently in Beta) uses 512 bit RSA keys for
encryption in the exportable version and bigger keys for signatures in all
versions and for encryption in the USA version. I'm not sure I'm allowed to say
what the key size will be ahead of the product shipping.

>2)  Considering RC4 is a proprietary scheme, have there been any
>concerted efforts to validate it's strength or lack of?  If so, could
>you give a pointer to any documents I could review.
>
There has been considerable discussion of the security of RC4 on this list, and
some subtle (i.e. worrisome but not disasterous) weaknesses have been
found. Lotus Notes' use of RC4 is not subject to the weaknesses disclosed
to date because it does not encrypt recognizable plaintext with the first few
bytes of the RC4 stream.

>...Bob Glassley
>

 --Charlie Kaufman
 (charlie_kaufman at iris.com)







More information about the cypherpunks-legacy mailing list