[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Time-memory tradeoff in SSL's RC4 code?
-----BEGIN PGP SIGNED MESSAGE-----
>Date: Thu, 17 Aug 1995 08:32:56 -0400
>From: "Perry E. Metzger" <[email protected]>
>Subject: Re: SSL challenge -- broken !
>It has occured to me that, because the RC4 key crackers spend most of
>their time in key setup, you can crack N SSL sessions that you
>captured in not substantially more time than it took to crack 1. This
>is analagous to the way brute force Unix password file hacking operates.
This would work with straight 40-bit keys, but I believe SSL uses
128-bit keys, and then intentionally leaks 88 bits to comply with
export requirements, to prevent this kind of attack from working.
--John Kelsey, [email protected]
PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----