Re: Netscape and 40 bit encryption

• To: www-security@ns2.rutgers.edu
• Subject: Re: Netscape and 40 bit encryption
• From: "Mark C. Davis ((919)254-7865)" <davismc@vnet.ibm.com>
• Date: Sat, 25 Mar 95 12:33:06 EST

Pardon me, but the way I read the SSL specification, the only restriction
to 40 bits is the symmetric key bulk encryption algorithm.  This is not
the strongest key length, but is not trivial to break.  Authentication
is still really based on standard X.509 certificates, with key lengths
reasonable for public keys.

(Depending on which paper you read, a 56 bit symmetric key is roughly
equivalent in strength to a several hundred bit (512 to 1024) public
key.  Thus a 40 bit public key would be a joke, but a 40 bit DES (CDMF), RC 2
or IDEA key would be nice for casual communication (personal privacy, but
not large monetary transactions).)

Thanks - Mark

• Previous: Netscape and 40 bit encryption
• Next: Re: Netscape and 40 bit encryption
• Index(es):
  • Index
  • Thread