
Re: Netscape and 40 bit encryption



yerkes_chuck@jpmorgan.com (Chuck Yerkes) wrote:
>> The current best DES-cracker designs cost about $1M for a 4-hour crack,
>> which is about $100/crack if you can keep it busy for 5 years of amortization.
>
>Keep in mind that we already know what the clear-text is for the first
>word - this makes it MUCH easier.

Can you expound on this a bit? Given that the final SSL key is actually a 128
bit key (in the RC4 and RC2 cases), how does knowing the first chunk of data
help much at all? My understanding of known plain-text attacks is that you can
use them to reduce the search space for the key. However, given that we are
talking about a 128 bit key, the initial search spans a 2^128 search space
before any reduction can be made using the known plain-text.

True, you do know some of the data that was fed to MD5 to produce the keys, but
you don't know what MD5 did to that data and how it was dispersed via the hash
function. As far as I can tell, to attack an SSL session you need to produce
2^40 MD5 digests of the appropriate values to generate the key space. Once
that has been done then you can match up the key space against the cipher
stream to find out which key was used.
 
---------------------------------------------------------------------
Kipp E.B. Hickman          Netscape Communications Corp.
kipp@netscape.com          http://home.mcom.com/people/kipp/index.htm
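
The search described in the message above, as an added example that is not part of the original post: each candidate secret is hashed with MD5 into a 128-bit RC4 key and checked against the known first bytes, so the work is bounded by the number of secret bits rather than by the 128-bit key length. The derivation MD5(clear part || secret part) is a simplified stand-in for the SSL key derivation, SECRET_BITS is 12 rather than 40 so the demo finishes quickly, and CLEAR_PART, KNOWN_PLAINTEXT and the function names are constructed for illustration.

```python
import hashlib

SECRET_BITS = 12                 # demo size; the thread discusses 40 secret bits
CLEAR_PART = bytes(range(11))    # constructed: key bits assumed known to the observer
KNOWN_PLAINTEXT = b"GET /"       # constructed: predictable first bytes of the stream


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key schedule followed by keystream XOR."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_key(secret: int) -> bytes:
    """Simplified stand-in KDF: 128-bit key = MD5(clear part || secret part)."""
    nbytes = (SECRET_BITS + 7) // 8
    return hashlib.md5(CLEAR_PART + secret.to_bytes(nbytes, "big")).digest()


def search(ciphertext: bytes, known: bytes):
    """Try every secret value; return (secret, md5_calls), secret None if no match."""
    for tries, secret in enumerate(range(1 << SECRET_BITS), start=1):
        # One MD5 digest per candidate, then compare against the known prefix.
        if rc4(derive_key(secret), ciphertext[:len(known)]) == known:
            return secret, tries
    return None, 1 << SECRET_BITS


if __name__ == "__main__":
    ct = rc4(derive_key(0xABC), KNOWN_PLAINTEXT + b"index.html HTTP/1.0")
    print(search(ct, KNOWN_PLAINTEXT))
```

The number of MD5 calls never exceeds 2^SECRET_BITS, whatever the output key length; the known plaintext only serves to recognise the right candidate.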


