Encrypted sessions

Ben Laurie ben at algroup.co.uk
Sat, 20 Feb 1999 19:06:57 +0000 

Nicholas Bohm wrote:
> 
> I was left uncertain by recent exchanges about Server Gated Technology, and
> in the hope of enlightenment (and tolerance) from experts on the list,
> would like to state the questions as I understand them.
> 
> I use Netscape, and have "fortified" it.  As I understand it, this means
> that it can establish an SSL session based on a 128-bit symmetric key if
> the server is capable of doing this (whereas crippled Netscape, and any
> non-US version of MS IE, can only use a 40-bit key).  Right so far?

Yes.

> What I want to ask about is the server side, and whether there is a
> corresponding problem.  Is there lots of server software available for
> people who want sites that can set up 128-bit SSL sessions, or is there
> lots of crippled software that can only set up 40-bit sessions?

Apache-SSL supports 128 bit sessions. US exportware doesn't, natch.

>  Is there a
> server equivalent of PGP or Fortify, so that everyman can if he wants set
> up servers that support secure SSL sessions?

No.

>  Is this what Apache servers
> can do?

Yes.

> Is there some simple way to tell what strength session has been established?

In Netscape, connect to a secure server, then hit ctl-I and look at what
it says under "security".

> I gather that there is some deal where banks can get a certificate from
> someone that lets them enable 128-bit sessions on software that, in the
> absence of the certificate, sets up only 40-bit sessions:  will
> export-crippled browsers nevertheless be able to establish 128-bit sessions
> with such servers?

Yes. This is what Server-Gated Cryptography is. The "someone" that
issues the certs is Verisign.

> Lastly, is it right to assume that in all these cases the key negotiation
> process itself is secure, and that only the strength of the resulting key
> is what is affected by the limitations?

Yes. BTW, what is commonly known as a 40 bit key is actually a 128 bit
key of which 88 bits have been revealed to sniffers during session
setup. This avoids the dictionary attacks that would be available with a
true 40 bit key.

However, it is worth noting that the public/private keypair are also
limited in export-crippled s/w to 512 bits.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi