Re: What benefit would there be in using triple RC4-40?

New Message Reply About this list Date view Thread view Subject view Author view

Andy Brown (Andy.Brown@nexor.co.uk)
Tue, 25 Aug 1998 09:38:02 +0100


Michael Paul Johnson wrote:

> Of course, for the above to be true, you would have to encrypt individual
> blocks, not files where known plaintext headers may be inserted, which
> would defeat the key strengthening. If the MS-CAPI inserts such headers,
> then encrypting 3 times would only triple the effort needed to crack the
> message, not increase the difficulty of cracking by 2^80. Check what the
> CAPI does carefully.

The "strength" of a CAPI application seems to rest entirely upon the security
of the particular Cryptographic Service Provider (CSP) that you choose to use.
All you lucky people inside the USA have a choice of many, including Fortezza
and even a biometric fingerprint version. Problem is, outside the USA we are
stuck with only the default MS provider which gets you 40 bit RC4/RC2, 512 bit
RSA and your private keys stored in the registry. Unpleasant.

Thanks for all the advice, I'm more interested than ever in finding out the
security of multiple applications of a stream cipher now just as a matter of
curiosity.

- Andy


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:11:01