Peiter Zatko writes: > It has been rumored that the domestic version is also currently using > a 40bit key and that Netscape had mentioned that they _will_ be using the > 1024bit key (implying future tense). Er, please get your facts correct here. The version sold in the U.S. can use a 128 bit RC4 key, not a 1024 bit one. No one ever spoke of a 1024 bit key. As for the version downloadable on the net, there is no question of a "rumor", it always has used a 40 bit key and this has hardly been a secret. > This makes a lot of sense actually as throughput is very important for their > application and the difference between a 40bit key and 1024bit key is > substantial. What are you talking about? RC4 performs identically with any length of key, and furthermore the key used in the export/downloadable version is in fact 128 bits, except that all but 40 of the bits are 'leaked' by the protocol. .pm