Re: Netscape and 40 bit encryption

• To: "Phillip M. Hallam-Baker" <hallam@dxal18.cern.ch>
• Subject: Re: Netscape and 40 bit encryption
• From: " " <amir@watson.ibm.com>
• Date: Mon, 27 Mar 1995 09:17:16 -0500
• Cc: "Chuck Yerkes" <yerkes_chuck@jpmorgan.com>, www-security@ns2.rutgers.edu
• In-Reply-To: Your message of "Fri, 24 Mar 1995 20:18:22 +0900." <95Mar24.201831+0900_met.63663-3+2@dxal18.cern.ch>

Phil says:

> No, I don't think anyone would question the 40bits is not enough. Thats why the
> US government will let people use it...

While the US govt (and others) will bar strong (>40b) general purpose
ENCRYPTION, this does not hold for authentication (as Chuck asked), or in fact
even for encryption which is limited to, say, credit card numbers.

Therefore: I agree with Phil that technically SSL does use 40b. But I disagree
that this is unavoidable due to export restrictions; strong auth and encryption
of credit card and similar info is possible.

Best, Amir Herzberg

• Re: Netscape and 40 bit encryption
• From: "Phillip M. Hallam-Baker" <hallam@dxal18.cern.ch>

• Previous: Re: Netscape and 40 bit encryption
• Next: 40 Bit Cryptography
• Index(es):
  • Index
  • Thread