[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Questions for Magaziner?




>> Arnold G. Reinhold wrote:
>>
>> One question I'd like asked is whether the US Gov will approve 56-bit RC-4
>> for export on the same terms as 56-bit DES. That would allow export
>> versions of web browsers to be upgraded painlessly, making international
>> e-commerce 64 thousand times more secure than existing 40-bit browsers.
>> (56-bit DES browsers would require every merchant to upgrade their SSL
>> servers and introduce a lot of unneeded complexity.)
>
>Actually, it wouldn't be any easier to deploy 56-bit RC4 than DES.  Either
>would require roughly the same changes to both clients and servers.
>

I was under the impression that 40-bit RC4 was accomplished by revealing 88
bits of the 128-bit key in a header. If a new 56-bit-RC4 browser was
implimented by setting16 of those 88 bits to zero, would any existing
server know the difference? If not, you would get an immediate improvement
in security, at least for browser to server messages, without waiting for
the servers to be upgraded.

No doubt I am missing something, but what?

Arnold