Penetration Testing mailing list archives
Re: [PEN-TEST] RC4
From: Chris Deibler <maradine () HOME COM>
Date: Tue, 28 Nov 2000 23:03:37 -0500
Group: Long time lurk, first post. I respect your expertise in the extreme, and am glad I can contribute. David: To the best of my knowledge, the availability of the encryption/decryption routines does not compromise the standard. If RC4 works in a similar manner to PGP, then the task involved to decrypt the stream is known: one must successfully factor an obscenely large prime number, something that is still lacking a good algorithm in modern mathematics. The recipient's key already has the decoding factors, making the task arbitrary. If anyone feels this explanation is in error, please let me know. CD ----- Original Message ----- From: "Jay Mobley" <jmobley () IEINET COM> To: <PEN-TEST () SECURITYFOCUS COM> Sent: Tuesday, November 28, 2000 4:12 PM Subject: [PEN-TEST] RC4
So , I am not pen-testing anything, but rather looking at some of my own venurabilities... and in doing so I learn that my Win2k Terminal server sends data to and from its client in a data stream encrypted with RC4. And in researching what I could about RC4 , I have seen time and time again
that
RC4 source was posted to a public usenet forum..... So my question is this... If one has the source code to an encryption standard... how secure is that standard??? -Jay Mobley Interactive Explorers
Current thread:
- [PEN-TEST] RC4 Jay Mobley (Nov 29)
- Re: [PEN-TEST] RC4 Erick fabrizio (Nov 29)
- Re: [PEN-TEST] RC4 Ryan Russell (Nov 29)
- Re: [PEN-TEST] RC4 Chris Deibler (Nov 29)
- Re: [PEN-TEST] RC4 Alan Olsen (Nov 29)
- Re: [PEN-TEST] RC4 Robert van der Meulen (Nov 30)
- [PEN-TEST] RC4 Raju Mathur (Nov 29)