Matthew Skala wrote:
>
>
> This is not so silly, because it helps prevent precalculation attacks. If
> "true" 40-bit encryption were used, an attacker could precalculate a
> dictionary of some commonly-seen information encrypted with all 2^40
> possible keys, and just look up intercepted packets. With 128-bit
> encryption and 88 bits revealed, an attacker still has to do the work to
> attack the 40-bit encryption EVERY time they want to attack it instead of
> once and for all. That could mean the difference between routinely
> intercepting everyone's traffic and only intercepting the traffic of known
> targets. If your threat model is something like "NSA violating people's
> doing routine email searches of everyone", then "fake 40 bit" could be
> significantly preferable to the "real 40 bit".
>
You are taking my comments out of context. My "silly" comment was with
respect to the export laws, not with respect to the security involved.
I was referring to ambiguity of using a 128 bit strong encryption
algorithm for the purposes of weak encryption.

The original query expressed surprise that a 40 bit export browser could
suddenly become a 128 bit browser with SGC and that suddenly 128 bit
algorithms were allowed to be exported. My comment referred to the fact
that the 40 bit export approved browsers always used 128 bit algorithms.

> Also, if you're in the "deploy and enjoy" camp, it could be seen as a good
> thing for SSL users to be distributing 128-bit algorithms, even if they're
> crippled down to 40 bits, rather than distributing true 40-bit algorithms.
> Having lots of copies of 128-bit code in the world would seem to be a good
> thing.
>
Except that 128 bit algorithms are just 40 bit algorithms called with
different parameters, at least as far as the most common are concerned.
The "distributed" algorithms rarely have any exposed interface anyway
due to the same export laws. CryptoAPI is one exception which has a
partially usable 128 bit RC2 and RC4 algorithm: though you can't set
arbitrary keys.

As to having copies of 128 bit code in the world, well, the stuff is
freely available in the "free world" anyway. Not to mention precise
details of some algorithms distributed in RFCs. The export restrictions
as usual assume that no one outside the US can program.

As usual one tries to make sense of the US export regulations at one's
peril :-)

Steve.
--
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant. For info see homepage.
Homepage: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED]
PGP key: via homepage.
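
Added example, not part of the original message or of any SSL implementation: a toy Python model of the precalculation argument in the quoted text, comparing a "true" 40-bit RC4 key with a 128-bit RC4 key that has 88 bits sent in the clear. Assumptions: the secret space is shrunk to 12 bits (`TOY_BITS`) so it runs quickly, the key is a plain concatenation of secret and clear bytes, and `KNOWN` is a constructed known plaintext.

```python
KNOWN = b"GET / HTTP/1.0\r\n"   # constructed "commonly-seen" plaintext
TOY_BITS = 12                   # stands in for the 40 secret bits (assumption)

def rc4(key: bytes, data: bytes) -> bytes:
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:                             # keystream XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def true40_key(secret: int) -> bytes:
    """'Real 40 bit': the RC4 key is the 5 secret bytes and nothing else."""
    return secret.to_bytes(5, "big")

def fake40_key(secret: int, clear: bytes) -> bytes:
    """'Fake 40 bit': 5 secret bytes plus 11 per-session bytes sent in the clear."""
    if len(clear) != 11:
        raise ValueError("clear part must be 88 bits")
    return secret.to_bytes(5, "big") + clear   # 128-bit RC4 key (layout assumed)

def build_table() -> dict:
    """One-time dictionary: ciphertext of KNOWN under every short key."""
    return {rc4(true40_key(k), KNOWN): k for k in range(1 << TOY_BITS)}

def per_session_search(ct: bytes, clear: bytes):
    """With a clear part in the key, the whole search repeats per session."""
    for k in range(1 << TOY_BITS):
        if rc4(fake40_key(k, clear), KNOWN) == ct:
            return k
    return None

if __name__ == "__main__":
    table, secret = build_table(), 0x9A7
    print("true 40-bit, table hit:", table.get(rc4(true40_key(secret), KNOWN)))
    salt = bytes(range(11))                    # constructed clear bytes
    ct = rc4(fake40_key(secret, salt), KNOWN)
    print("fake 40-bit, table hit:", table.get(ct))
    print("fake 40-bit, fresh search:", per_session_search(ct, salt))
```

The table built once answers every "true 40-bit" session by lookup, while each "fake 40-bit" session needs its own full search because the clear bytes change the key schedule.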