Re: [Mark (Mookie): Re: SSL message broken]

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Rick Garvin: "Re: [Mark (Mookie): Re: SSL message broken]"
• Previous message: Mark Graff: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
• In reply to: Peiter Zatko: "[Mark (Mookie): Re: SSL message broken]"

Peiter Zatko writes:
> It has been rumored that the domestic version is also currently using
> a 40bit key and that Netscape had mentioned that they _will_ be using the
> 1024bit key (implying future tense).

Er, please get your facts correct here.

The version sold in the U.S. can use a 128 bit RC4 key, not a 1024 bit
one. No one ever spoke of a 1024 bit key. As for the version
downloadable on the net, there is no question of a "rumor", it always
has used a 40 bit key and this has hardly been a secret.

> This makes a lot of sense actually as throughput is very important for their
> application and the difference between a 40bit key and 1024bit key is
> substantial.

What are you talking about? RC4 performs identically with any length
of key, and furthermore the key used in the export/downloadable
version is in fact 128 bits, except that all but 40 of the bits are
'leaked' by the protocol.

.pm

• Next message: Rick Garvin: "Re: [Mark (Mookie): Re: SSL message broken]"
• Previous message: Mark Graff: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
• In reply to: Peiter Zatko: "[Mark (Mookie): Re: SSL message broken]"