INFO: RC2 Cipher Support in New Enhanced Base CSP

Last reviewed: February 6, 1997
Article ID: Q162103
The information in this article applies to:
  • Microsoft Win32 Application Programming Interface (API) included with: - Microsoft Windows NT version 4.0

SUMMARY

Microsoft has made available exportable and non-exportable versions of Service Pack 2 for Windows NT 4.0. The non-exportable or North American version of Service Pack 2 is available only in the United States and Canada through mail or phone order.

IMPORTANT NOTE: Due to a bug with RC2 cipher support in the Enhanced Cryptographic Service Provider, developers should NOT use this implementation of RC2. A fix for this bug is scheduled for Windows NT 4.0 Service Pack 3.

MORE INFORMATION

Export of this product from the United States is regulated under "EI controls" of the Export Administration Regulations (EAR, 15 CFR 730-744) of the U.S. Commerce Department, Bureau of Export Administration (BXA). EI controls are the current equivalent of ITAR munitions export controls that applied to this product prior to 1/1/97. EI controls require that you obtain a Commerce export license prior to any export, transmission, or shipment of this product to any country, other than Canada, or to any person, entity, or end user subject to U.S. export restrictions. The Commerce export license process and EI controls are described on BXA's web site at http://www.bxa.doc.gov/encstart.htm

This export-controlled product includes the following features that are not available in the downloadable version of Windows NT 4.0 Service Pack 2:

An Enhanced Cryptographic Service Provider that allows applications that call CryptoAPI to use stronger keys and new algorithms. Algorithm support has been extended to include DES and Triple DES. Keylengths have been extended for RC4 ciphers to 128 bits; RSA keylengths have been lengthened to allow up to 16K bit keys. In addition to providing additional strengths and algorithms, the enhanced service provider continues to support the algorithms and strengths provided by the base provider.

This Service Pack also includes 128-bit support for Remote Access Server (RAS). Wide area connections made using RAS on both Windows NT Workstation and Windows NT Server use a 128-bit key to encrypt data, thus providing a more secure connection.

Internet browsers and servers (including Internet Explorer 3.01 and Internet Information Server 3.0) use Secure Sockets Layer (SSL) today for message integrity and confidentiality of communications, and optionally mutual authentication. With SSL, parties using the Internet can be confident that their communication is private and has not been tampered with or altered. Support for SSL 2.0 and SSL 3.0 shipped with this Service Pack uses 128-bit encryption.

Secure RPC has also been enhanced to support 128-bit encryption. Any application that requests secure RPC will automatically use 128-bit encryption.

REFERENCES

More information on this Service Pack can be found by linking to ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/ ussp2/readme.htm


KBCategory: kbusage kbprg kbother
KBSubcategory: BseCrypt
Additional reference words: 4.00




THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: February 6, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.