Group:
Long time lurk, first post. I respect your expertise in the extreme,
and am glad I can contribute.
David:
To the best of my knowledge, the availability of the
encryption/decryption routines does not compromise the standard. If RC4
works in a similar manner to PGP, then the task involved to decrypt the
stream is known: one must successfully factor an obscenely large prime
number, something that is still lacking a good algorithm in modern
mathematics. The recipient's key already has the decoding factors, making
the task arbitrary. If anyone feels this explanation is in error, please
let me know.
CD
----- Original Message -----
From: "Jay Mobley" <jmobley_at_IEINET.COM>
To: <PEN-TEST_at_SECURITYFOCUS.COM>
Sent: Tuesday, November 28, 2000 4:12 PM
Subject: [PEN-TEST] RC4
> So , I am not pen-testing anything, but rather looking at some of my own
> venurabilities... and in doing so I learn that my Win2k Terminal server
> sends data to and from its client in a data stream encrypted with RC4. And
> in researching what I could about RC4 , I have seen time and time again
that
> RC4 source was posted to a public usenet forum..... So my question is
> this... If one has the source code to an encryption standard... how secure
> is that standard???
>
>
> -Jay Mobley
> Interactive Explorers
Received on Nov 30 2000
Intro
