Full Disclosure mailing list archives

Re: RC4 and Lotus Notes

From: HAYAKAWA Hitoshi <cz () hykw jp>
Date: Tue, 22 Apr 2003 00:57:20 +0900

At Mon, 21 Apr 2003 08:42:21 -0600 (MDT),
aliver () xexil com wrote:

      While developing something boring using the Lotus C API for Linux.
I noticed while using valgrind that functions like NSFNoteDecrypt()  and
NSFNoteIsSignedOrSealed() are still making use of RC4 encryption with a
256 bit key even when I use "strong" encryption settings in it's lame
windows MegaGUI. IIRC, RC4 is known to have some weaknesses in it's key
scheduling that have yielded some interesting results (WEP, Winnt, etc..).


Which version are you using international version or USA version?
The latter uses more bits for keys.

-- 
HAYAKAWA, Hitoshi
cz () hykw jp
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RC4 and Lotus Notes aliver (Apr 21)
- Re: RC4 and Lotus Notes HAYAKAWA Hitoshi (Apr 21)
- Re: RC4 and Lotus Notes Derek Atkins (Apr 21)
- <Possible follow-ups>
- Re: RC4 and Lotus Notes aliver (Apr 21)