Penetration Testing mailing list archives

Re: [PEN-TEST] RC4


From: Chris Deibler <maradine () HOME COM>
Date: Tue, 28 Nov 2000 23:03:37 -0500

Group:
    Long time lurk, first post.  I respect your expertise in the extreme,
and am glad I can contribute.

David:
    To the best of my knowledge, the availability of the
encryption/decryption routines does not compromise the standard.  If RC4
works in a similar manner to PGP, then the task involved to decrypt the
stream is known: one must successfully factor an obscenely large prime
number, something that is still lacking a good algorithm in modern
mathematics.  The recipient's key already has the decoding factors, making
the task arbitrary.  If anyone feels this explanation is in error, please
let me know.

CD


----- Original Message -----
From: "Jay Mobley" <jmobley () IEINET COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Tuesday, November 28, 2000 4:12 PM
Subject: [PEN-TEST] RC4


So, I am not pen-testing anything, but rather looking at some of my own
vulnerabilities... and in doing so I learn that my Win2k Terminal server
sends data to and from its client in a data stream encrypted with RC4. And
in researching what I could about RC4, I have seen time and time again
that RC4 source was posted to a public usenet forum..... So my question is
this... If one has the source code to an encryption standard... how secure
is that standard???


-Jay Mobley
Interactive Explorers

