INFO: RC2 Cipher Support in New Enhanced Base CSP

ID: Q162103


The information in this article applies to:
  • Microsoft Win32 Application Programming Interface (API), used with:
    • Microsoft Windows NT 4.0


SUMMARY

Microsoft has made available exportable and non-exportable versions of Service Pack 2 for Windows NT 4.0. The non-exportable or North American version of Service Pack 2 is available only in the United States and Canada through mail or phone order.

IMPORTANT NOTE: Due to a bug with RC2 cipher support in the Enhanced Cryptographic Service Provider, developers should NOT use this implementation of RC2. A fix for this bug is scheduled for Windows NT 4.0 Service Pack 3.


MORE INFORMATION

Export of this product from the United States is regulated under "EI controls" of the Export Administration Regulations (EAR, 15 CFR 730-744) of the U.S. Commerce Department, Bureau of Export Administration (BXA). EI controls are the current equivalent of ITAR munitions export controls that applied to this product prior to 1/1/97. EI controls require that you obtain a Commerce export license prior to any export, transmission, or shipment of this product to any country, other than Canada, or to any person, entity, or end user subject to U.S. export restrictions. The Commerce export license process and EI controls are described on BXA's web site at

http://www.bxa.doc.gov/encstart.htm
This export-controlled product includes the following features that are not available in the downloadable version of Windows NT 4.0 Service Pack 2:

An Enhanced Cryptographic Service Provider that allows applications that call CryptoAPI to use stronger keys and new algorithms. Algorithm support has been extended to include DES and Triple DES. Keylengths have been extended for RC4 ciphers to 128 bits; RSA keylengths have been lengthened to allow up to 16K bit keys. In addition to providing additional strengths and algorithms, the enhanced service provider continues to support the algorithms and strengths provided by the base provider.

This Service Pack also includes 128-bit support for Remote Access Server (RAS). Wide area connections made using RAS on both Windows NT Workstation and Windows NT Server use a 128-bit key to encrypt data, thus providing a more secure connection.

Internet browsers and servers (including Internet Explorer 3.01 and Internet Information Server 3.0) use Secure Sockets Layer (SSL) today for message integrity and confidentiality of communications, and optionally mutual authentication. With SSL, parties using the Internet can be confident that their communication is private and has not been tampered with or altered. Support for SSL 2.0 and SSL 3.0 shipped with this Service Pack uses 128-bit encryption.

Secure RPC has also been enhanced to support 128-bit encryption. Any application that requests secure RPC will automatically use 128-bit encryption.


REFERENCES

More information on this Service Pack can be found by linking to

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/ussp2/readme.htm

Additional query words:

Keywords : kbAPI kbCrypt kbKernBase kbDSupport kbGrpKernBase
Version : winnt:4.0
Platform : winnt
Issue type : kbinfo


Last Reviewed: December 20, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.