[535] in WWW Security List Archive
Netscape and 40 bit encryption
daemon@ATHENA.MIT.EDU (Chuck Yerkes)
Fri Mar 24 17:18:58 1995
From: "Chuck Yerkes" <yerkes_chuck@jpmorgan.com>
Date: Fri, 24 Mar 1995 13:14:06 -0500
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
First off, I'm a consultant, so I don't speak for my clients....
I'v been looking at the SSL implementation and the Netscape
server and I'm finding that Authentication is done via a
40 bit key. It this right???
If so, breaking a 40bit key, especially when you know the first
work of the data, seems to me to be trivial - a network of Sun's
represents a fair amount of computing cycles, likely enough to
break this.
Am I off base on this?
chuck
---------
chuck yerkes chuck@yerkes.com