Bugtraq mailing list archives
Re: [Mark (Mookie): Re: SSL message broken]
From: perry () piermont com (Perry E. Metzger)
Date: Fri, 18 Aug 1995 12:42:39 -0400
Peiter Zatko writes:
It has been rumored that the domestic version is also currently using a 40bit key and that Netscape had mentioned that they _will_ be using the 1024bit key (implying future tense).
Er, please get your facts correct here. The version sold in the U.S. can use a 128 bit RC4 key, not a 1024 bit one. No one ever spoke of a 1024 bit key. As for the version downloadable on the net, there is no question of a "rumor", it always has used a 40 bit key and this has hardly been a secret.
This makes a lot of sense actually as throughput is very important for their application and the difference between a 40bit key and 1024bit key is substantial.
What are you talking about? RC4 performs identically with any length of key, and furthermore the key used in the export/downloadable version is in fact 128 bits, except that all but 40 of the bits are 'leaked' by the protocol. .pm
Current thread:
- [Mark (Mookie): Re: SSL message broken] Peiter Zatko (Aug 18)
- Re: [Mark (Mookie): Re: SSL message broken] Perry E. Metzger (Aug 18)
- <Possible follow-ups>
- Re: [Mark (Mookie): Re: SSL message broken] Rick Garvin (Aug 18)