July 18 2010 Sunday
Pop Quiz - who knows the encryption strength and algorithm that Lotus Notes port encryption uses?
Nathan got me thinking, and when I think I search the web. In an earlier post Nathan commented about Notes encryption. Now I swear that every 6 months or so I am asked by a customer about the strength and algorithm that Lotus Notes uses when connecting over an encrypted port. I also swear I search for this information every 6 months too, and I always come up with 64-bit RC2 as the "possible" answer in this ancient SearchDomino post ....
Well, this time I searched I hit pay dirt. Based on technote 1097816, we get the following:
| Code | Meaning | Values |
|---|---|---|
| S | Encryption Strength. The first value is the key length; the second value is the algorithm. | Length: 128 (new in Notes/Domino 6), 64, 40 (only used for R3 Int'l or WW40 versions). Algorithm: 22 = RC4, 2F = RC2 |
| A | Algorithm | 4:1 = RC4; 2:0 = RC2 (R3 Intl or WW40) |
Now, this is not listed (as far as I can tell) anywhere in any help, be it admin or client. The technote also outlines how to test it, and I did just that. As you can see below, when I connected to my server I am connecting as 128-bit RC4.
So there you have it and why the hell is this not in the trace information or the help?
Why the hell isn't 128-bit encryption simply enabled by default? Under what circumstances would you NOT want it? The workload differential is trivial these days. Maybe in a Citrix environment it wouldn't be useful anyway, but it's also unlikely to hurt.
Yet another great feature never revealed because Lotus leaves themselves victim to the implementer.