[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More 40-bit RC4 nonsense



On Dec 13,  2:59pm, Michael Johnson wrote:
> Why did the NSA require that an application using the Sapphire Stream Cipher
> be limited to a _32-bit_ session key instead of the well-known _40-bit_
> limit for RC4?  I wonder if there are other key bit leaks that cover the
other
> 60%?

It could also be because they've made an investment in custom hardware
to "crack" RC4 by justifying it in terms of the volume which will result
from the special export status, whereas the volume of sapphire use they are
expecting is lower and so they'll be using off-the-shelf systems to
decrypt any streams seen from it.

							Ian.