[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Time to exhaustively break 40-bit RC4?
On Dec 17, 1:49pm, Hal wrote:
> Subject: Re: Time to exhaustively break 40-bit RC4?
> I notice in the Netscape SSL spec the 40-bit export-approved RC4
> key generation is a little more complicated than I would have thought.
> First a 128 bit "master key" is chosen and 88 bits are revealed, leaving
> 40 bits secret. Then the RC4 session key is generated as the MD5 hash of
> this master key plus about 32 bytes of publically known but random
> information. I'm not clear whether the 128-bit output of the MD5 hash is
> then used as the RC4 key, or whether only 40 bits are used (and if so,
> whether there are any public bits in the key besides these 40).
128 bits are used. I have cleaned up the spec language to make this more
obvious.
> If the former, then this extra hash step should really slow down
> exhaustive search of the key space. If the latter, then it is not clear
> why the master key is key-size restricted at all since it is not likely
> to be used in searching the key space. Maybe someone from Netscape could
> clear up how this is done.
Hopefully it will slow down exhaustive key search.
Hope this helps, and thanks again for the comments.
--
---------------------------------------------------------------------
Kipp E.B. Hickman Netscape Communications Corp.
[email protected] http://www.mcom.com/people/kipp/index.html