Thanks, looking at your mail and RFC2246, I kind of got what's happening.
Looks like 5 bytes are taken from key material. This 5 bytes along
with client random and server random are fed into the hash or PRF algo
to get the 8 bytes (in case of DES) which will be used as the key.
Thanks,
Nagaraj
>
> Nagaraj Bagepalli wrote:
> >
> > >
> > > > Does openssl support export level cipher suites?
> > >
> > > Yes; look for EXP in the list of ciphers. Unless you have an old
> > > installed base that you cannot convert, however, do not bother.
> > >
> > > > which does the 40 bit DES.
> > > That's because it's 40-bit RC4.
> > >
> > > There is 40bit DES, called CMDF. Patented by IBM. Rarely used.
> >
> > Does the same, CMDF, is used with cipher suites like
> > SSL_RSA_EXPORT_WITH_DES40_CBC_SHA? If not how does openssl derive 40 bit
> > key to support such cipher suites?
> >
>
> It does it in exactly the same way any other export cipher is handled.
>
> 40 refers to the amount of entropy being used and not the key length. 40
> bits of entropy is expanded into a 64bit key of which 56 bits is
> effectively used.
>
> Similarly "40 bit" RC4 is in fact 40bits of entropy expanded into a 128
> bit key which is then used with RC4.
>
> See RFC2246 Appendix C.
>
> Steve.
> --
> Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
