[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Time-memory tradeoff in SSL's RC4 code?
-----BEGIN PGP SIGNED MESSAGE-----
>Date: Thu, 17 Aug 1995 08:32:56 -0400
>From: "Perry E. Metzger" <[email protected]>
>Subject: Re: SSL challenge -- broken !
>It has occured to me that, because the RC4 key crackers spend most of
>their time in key setup, you can crack N SSL sessions that you
>captured in not substantially more time than it took to crack 1. This
>is analagous to the way brute force Unix password file hacking operates.
This would work with straight 40-bit keys, but I believe SSL uses
128-bit keys, and then intentionally leaks 88 bits to comply with
export requirements, to prevent this kind of attack from working.
>Perry
--John Kelsey, [email protected]
PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMDVGXUHx57Ag8goBAQFyUQP7B7fhKc8AqpcHnQ09ip5gOfy5QMCtGImB
f1Y9lZtAmLFwOIkrfdaL2vCWJKIKc7yg8+FwtmX6Q8yYWH4TdE5eWOGIKSfl5Q8f
etVgF2B49T5Lxxb02ah5cHfO8baOqQOTMkvzQ9bj0XVqAItPoPjDTCOAAegwKZ3V
6L+kZQn89lY=
=KkAX
-----END PGP SIGNATURE-----