Encrypted sessions

[Ben Laurie]

Nicholas Bohm wrote:
> 
> At 07:06 PM 2/20/1999 +0000, Ben Laurie wrote:
> >Nicholas Bohm wrote:
> [snip]
> >> Lastly, is it right to assume that in all these cases the key negotiation
> >> process itself is secure, and that only the strength of the resulting key
> >> is what is affected by the limitations?
> >
> >Yes. BTW, what is commonly known as a 40 bit key is actually a 128 bit
> >key of which 88 bits have been revealed to sniffers during session
> >setup. This avoids the dictionary attacks that would be available with a
> >true 40 bit key.
> >
> >However, it is worth noting that the public/private keypair are also
> >limited in export-crippled s/w to 512 bits.
> 
> Is that limitation overriden by a Verisign certificate enabling use of
> 128-bit symmetric keys?  If not, the protection for the key negotiation
> seems weaker than the resulting key.

Yes. The 512 bit thing is part of the particular ciphersuites which are
used for export crypto. When you use a non-export ciphersuite, the
public key size is unlimited.

BTW, there are new export ciphersuites on the table that have 56 secret
bits and 1024 bit public keys.

> And when you say "88 bits have been revealed to sniffers", could you
> explain further:  whose sniffers?  Who can get access to the 88 bits?

Anyone who can monitor the conversation.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi