Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] RC4
From: Chris Deibler <maradine () HOME COM>
Date: Tue, 28 Nov 2000 23:03:37 -0500

Group:
    Long time lurk, first post.  I respect your expertise in the extreme,
and am glad I can contribute.

David:
    To the best of my knowledge, the availability of the
encryption/decryption routines does not compromise the standard.  If RC4
works in a similar manner to PGP, then the task involved to decrypt the
stream is known: one must successfully factor an obscenely large prime
number, something that is still lacking a good algorithm in modern
mathematics.  The recipient's key already has the decoding factors, making
the task arbitrary.  If anyone feels this explanation is in error, please
let me know.

CD


----- Original Message -----
From: "Jay Mobley" <jmobley () IEINET COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Tuesday, November 28, 2000 4:12 PM
Subject: [PEN-TEST] RC4


So , I am not pen-testing anything, but rather looking at some of my own
venurabilities... and in doing so I learn that my Win2k Terminal server
sends data to and from its client in a data stream encrypted with RC4. And
in researching what I could about RC4 , I have seen time and time again
that
RC4 source was posted to a public usenet forum..... So my question is
this... If one has the source code to an encryption standard... how secure
is that standard???


-Jay Mobley
Interactive Explorers


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]