[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Time-memory tradeoff in SSL's RC4 code?

To: [email protected]
Subject: Time-memory tradeoff in SSL's RC4 code?
From: [email protected]
Date: Fri, 18 Aug 1995 22:42:09 -0400 (EDT)
Sender: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----

>Date: Thu, 17 Aug 1995 08:32:56 -0400
>From: "Perry E. Metzger" <[email protected]>
>Subject: Re: SSL challenge -- broken !

>It has occured to me that, because the RC4 key crackers spend most of
>their time in key setup, you can crack N SSL sessions that you
>captured in not substantially more time than it took to crack 1. This
>is analagous to the way brute force Unix password file hacking operates.

This would work with straight 40-bit keys, but I believe SSL uses
128-bit keys, and then intentionally leaks 88 bits to comply with
export requirements, to prevent this kind of attack from working.

>Perry

   --John Kelsey, [email protected]
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMDVGXUHx57Ag8goBAQFyUQP7B7fhKc8AqpcHnQ09ip5gOfy5QMCtGImB
f1Y9lZtAmLFwOIkrfdaL2vCWJKIKc7yg8+FwtmX6Q8yYWH4TdE5eWOGIKSfl5Q8f
etVgF2B49T5Lxxb02ah5cHfO8baOqQOTMkvzQ9bj0XVqAItPoPjDTCOAAegwKZ3V
6L+kZQn89lY=
=KkAX
-----END PGP SIGNATURE-----

Prev by Date: Re: Exportable if Escrowed Changes Nothing!
Next by Date: Export policy change
Prev by thread: Re: Red Shift
Next by thread: Anonymous certificates
Index(es):
- Date
- Thread