Home page logo

pen-test logo Penetration Testing mailing list archives

From: Chris Deibler <maradine () HOME COM>
Date: Tue, 28 Nov 2000 23:03:37 -0500

    Long time lurk, first post.  I respect your expertise in the extreme,
and am glad I can contribute.

    To the best of my knowledge, the availability of the
encryption/decryption routines does not compromise the standard.  If RC4
works in a similar manner to PGP, then the task involved to decrypt the
stream is known: one must successfully factor an obscenely large prime
number, something that is still lacking a good algorithm in modern
mathematics.  The recipient's key already has the decoding factors, making
the task arbitrary.  If anyone feels this explanation is in error, please
let me know.


----- Original Message -----
From: "Jay Mobley" <jmobley () IEINET COM>
Sent: Tuesday, November 28, 2000 4:12 PM
Subject: [PEN-TEST] RC4

So , I am not pen-testing anything, but rather looking at some of my own
venurabilities... and in doing so I learn that my Win2k Terminal server
sends data to and from its client in a data stream encrypted with RC4. And
in researching what I could about RC4 , I have seen time and time again
RC4 source was posted to a public usenet forum..... So my question is
this... If one has the source code to an encryption standard... how secure
is that standard???

-Jay Mobley
Interactive Explorers

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]