[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44.0304211111460.15405-100000@priori.xexil.com>
From: aliver at xexil.com (aliver@...il.com)
Subject: Re: RC4 and Lotus Notes
> Which version are you using international version or USA version?
> The latter uses more bits for keys.
I'm coding with the libraries from Domino 6.0.1 domestic (USA) version,
under Linux. I think the international versions use RC2 with some
hideously small key sizes. After a few long nights of debugging I can say
for sure that the buffer used for the RC4 key is in Notes is 256 bits. I'm
not sure how they handle the IV, key re-use, and other factors that'd help
the Fluhrer, Mantin, Shamir attack. This is Lotus Notes we are talking
about, so the answer is probably "poorly". I've only got the libraries,
not the source, so I can't tell WTF is going on, really.
Ah well, I'm not too concerned with it since my app just decrypts
the message regardless of how it was encrypted then hands it to a local
Linux MDA (in this case, procmail). I'll probably try out gpgme to
re-crypt the message if it was originally encrypted in the user's lotus
notes account.
aliver
Powered by blists - more mailing lists