Re: Netscape and 40 bit encryption

To: www-security@ns1.rutgers.edu
Subject: Re: Netscape and 40 bit encryption
From: "Kipp E.B. Hickman" <kipp@netscape.com>
Date: 28 Mar 1995 17:51:35 GMT
Newsgroups: mcom.list.www-security
Organization: Netscape Communications
References: <9503241314.ZM1641@fugit.ny.jpmorgan.com>

yerkes_chuck@jpmorgan.com (Chuck Yerkes) wrote:
>First off, I'm a consultant, so I don't speak for my clients....
>
>I'v been looking at the SSL implementation and the Netscape 
>server and I'm finding that Authentication is done via a 
>40 bit key.  It this right???

No. Authentication is done using public key cryptography, and for export, that
means a 512 bit key. The public key crypto is also used to exchange a secret,
and the secret is limited to 40 bits in the export case.

>If so, breaking a 40bit key, especially when you know the first
>work of the data, seems to me to be trivial - a network of Sun's
>represents a fair amount of computing cycles, likely enough to
>break this.

It is plausible that someone could figure out how to break a 40 bit session of
data. We would love to use larger values, but the U.S. govt. has tied our
hands. Please note that with SSL we have done what we could to maximize the
strength of that 40 bit key:

	(1) the key is "salted" with 88 bits of clear data. This prevents
	    pre-computed dictionary attacks.
	(2) the combination of the salt and the secret key are used as input
	    to MD5 (with other session specific data) to produce the actual
	    keys used for the session.
	(3) seperate keys are used for the read and write ends of the session.

#2 means that the keys are unique for each sesion. #3 means that the keys are
unique for each end of the session. So cracking a single key yields no help for
cracking the other key for a session.

Each session must be cracked individually, with no help for the other sessions
to be found.

Mind you, this analysis is amateurish at best - the crypto wizards may yet come
up with some amazing feat of analysis that reduces the strength of this
security.

Finally, note that SSL allows for full strength ciphers in addition to the
"export grade" ones.

---------------------------------------------------------------------
Kipp E.B. Hickman          Netscape Communications Corp.
kipp@netscape.com          http://home.mcom.com/people/kipp/index.htm

References:

Netscape and 40 bit encryption

From: "Chuck Yerkes" <yerkes_chuck@jpmorgan.com>

Previous: Re: Netscape and 40 bit encryption
Next: Re: Netscape and 40 bit encryption
Index(es):
- Index
- Thread