On Thu, 28 May 1998, Dr Stephen Henson wrote:
> Actually it's even sillier than that: SSL always uses 128 bit encryption
> (as opposed to S/MIME which does "proper" 40 bit). What happens is that
> 40 bits are encrypted and the remaining 88 sent in the clear so even the
> "40 bit export" algorithms really use 128 bit symmetric algorithms.

This is not so silly, because it helps prevent precalculation attacks. If
"true" 40-bit encryption were used, an attacker could precalculate a
dictionary of some commonly-seen information encrypted with all 2^40
possible keys, and just look up intercepted packets. With 128-bit
encryption and 88 bits revealed, an attacker still has to do the work to
attack the 40-bit encryption EVERY time they want to attack it instead of
once and for all. That could mean the difference between routinely
intercepting everyone's traffic and only intercepting the traffic of known
targets. If your threat model is something like "NSA violating people's
doing routine email searches of everyone", then "fake 40 bit" could be
significantly preferable to the "real 40 bit".

Also, if you're in the "deploy and enjoy" camp, it could be seen as a good
thing for SSL users to be distributing 128-bit algorithms, even if they're
crippled down to 40 bits, rather than distributing true 40-bit algorithms.
Having lots of copies of 128-bit code in the world would seem to be a good
thing.

Having a lot of random key bits to key the algorithm, but then revealing
some of them, isn't such an unusual concept even in the free world where
we don't have to worry about export restrictions; it's standard practice
with stream cyphers, and called an "initialization vector".

"Let me lose so beautifully
Let me lick the dew from the money tree
Have the moms of the world all care about me
At suppertime" - Odds

Matthew Skala
http://www.islandnet.com/~mskala/
Ansuz BBS (250) 642-7820
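
An added illustration, not part of the original message: a scaled-down model of the precalculation argument above, showing that a dictionary built once works against every unsalted short-key session but against none where extra key bits are sent in the clear. The 12-bit secret (standing in for 40 bits), the SHA-256 keystream (a stand-in, not RC4 or any SSL cipher), the known plaintext and all function names are assumptions made for the demo.

```python
import hashlib
import secrets

SECRET_BITS = 12                 # scaled down from 40 so the demo runs instantly
SALT_BYTES = 11                  # 88 bits revealed in the clear, as in the thread
KNOWN = b"GET / HTTP/1.0\r\n"    # constructed "commonly-seen" plaintext

def encrypt(secret: int, salt: bytes, plaintext: bytes) -> bytes:
    """Toy stream cipher: keystream = SHA-256(secret || salt). Not a real cipher."""
    ks = hashlib.sha256(secret.to_bytes(5, "big") + salt).digest()
    return bytes(p ^ k for p, k in zip(plaintext, ks))

def build_dictionary(salt: bytes) -> dict:
    """Ciphertext of KNOWN -> secret, for every possible secret under ONE salt."""
    return {encrypt(s, salt, KNOWN): s for s in range(2 ** SECRET_BITS)}

def make_sessions(n: int, salted: bool) -> list:
    """Constructed traffic: (secret, public salt, ciphertext of KNOWN) per session."""
    sessions = []
    for _ in range(n):
        secret = secrets.randbelow(2 ** SECRET_BITS)
        salt = secrets.token_bytes(SALT_BYTES) if salted else b""
        sessions.append((secret, salt, encrypt(secret, salt, KNOWN)))
    return sessions

def sessions_recovered(table: dict, sessions: list) -> int:
    """How many sessions a single precomputed table breaks by lookup alone."""
    return sum(1 for secret, _salt, ct in sessions if table.get(ct) == secret)

if __name__ == "__main__":
    table = build_dictionary(b"")          # the one-time precalculation
    print("true short key:", sessions_recovered(table, make_sessions(20, False)), "of 20")
    print("salted key:    ", sessions_recovered(table, make_sessions(20, True)), "of 20")
```

Each salted session can still be searched individually by calling `build_dictionary` with that session's salt, which is the per-target work the message describes.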