I asked a developer to take a look, and they are unable to figure out
what the problem. More information is needed to confirm.
At 11:21 PM 9/25/2007, Peter Gutmann wrote:
-- Snip --
Subject: Error in RFC 3217
Date: Wed, 01 Aug 2007 11:54:13 -0700
There is an error in the test vectors for RC2 Key Wrap given in RFC
3217. The specification states that RC2 should be used with a 128 bit
key and 128 effective key bits. The test vectors are however generated
using RC2 with a 128 bit key but only 40 effective key bits (which BTW
was the default for MS CryptoAPI prior to Windows XP).
I don't know if R. Housley is reading these groups, but clearly this
is an error that should be corrected.
The algorithms specified in RFC 3217 are primarily used for S/MIME. If
you have ever used S/MIME for encrypting email using a certificate
with a DH public key and the RC2-CBC encryption algorithm, chances are
you only got 40 bits of security even if you opted for 128 bit