The story about encryption keys is that you always have a 128-bit key,
but if the cipher has to conform to export control policies (which is
probably your case from what I understand), 88 of those 128 bits are
known (or easily deduceable). The remaining 40 are the only secret bits
for export ciphers.
This is what I believe the "RC4-40, 128 bit with 40 secret" message is
meant to say.
Valentin
-----Original Message-----
From: Charles Tassell [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 13, 1999 09:50
To: [EMAIL PROTECTED]
Subject: Certificate Length
I have a question about 128 bit certificates: How do I tell if I have
one?
I just looked at the Netscape "Page Info" of a site I connected to via
https, and it said :
Security: This is a secure document that uses a medium-grade encryption
key
suited for U.S. export (RC4-40, 128 bit with 40 secret).
Does this mean I only have a 40-bit key, or a 128 bit key? The "128
bit"
part would make me believe I was nice and secure, but that "40 secret"
kind
of scares me. If we have to spend another $600 Canadian to replace a
bad
cert request, my boss is going to be pi$$ed at me. ;-)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
