[553] in WWW Security List Archive


Re: Netscape and 40 bit encryption

daemon@ATHENA.MIT.EDU (Kipp E.B. Hickman)
Tue Mar 28 17:33:59 1995

To: www-security@ns1.rutgers.edu
From: "Kipp E.B. Hickman" <kipp@netscape.com>
Date: 28 Mar 1995 17:57:22 GMT
Errors-To: owner-www-security@ns2.rutgers.edu

yerkes_chuck@jpmorgan.com (Chuck Yerkes) wrote:
>> The current best DES-cracker designs cost about $1M for a 4-hour crack,
>> which is about $100/crack if you can keep it busy for 5 years of amortization.
>
>Keep in mind that we already know what the clear-text is for the first
>word - this makes it MUCH easier.

Can you expound on this a bit? Given that the final SSL key is actually a 128
bit key (in the RC4 and RC2 cases), how does knowing the first chunk of data
help much at all? My understanding of known plain-text attacks is that you can
use them to reduce the search space for the key. However, given that we are
talking about a 128 bit key, the initial search spans a 2^128 search space
before any reduction can be made using the known plain-text.

True, you do know some of the data that was fed to MD5 to produce the keys, but
you don't know what MD5 did to that data and how it was dispersed via the hash
function. As far as I can tell, to attack an SSL session you need to produce
2^40 MD5 digests of the appropriate values to generate the key space. Once
that has been done then you can match up the key space against the cipher
stream to find out which key was used.
 
---------------------------------------------------------------------
Kipp E.B. Hickman          Netscape Communications Corp.
kipp@netscape.com          http://home.mcom.com/people/kipp/index.html
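
The search described in the message above, as an added illustration that is not part of the original post: a 128-bit RC4 key is derived with MD5 from a secret part plus values visible on the wire, and the secret part alone is enumerated against a known first word. The key derivation is a simplified model, not the exact SSL construction; all names and sample values are constructed, and the secret is shrunk to 12 bits (standing in for 40) so the loop finishes quickly.

```python
import hashlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key schedule + keystream XOR); the same call encrypts and decrypts."""
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def derive_key(secret: int, public: bytes, secret_bits: int) -> bytes:
    """Assumed simplified model: 128-bit key = MD5(secret part || values seen on the wire)."""
    return hashlib.md5(secret.to_bytes((secret_bits + 7) // 8, "big") + public).digest()

def search(public, ciphertext, known_prefix, secret_bits):
    """Enumerate the secret part only: one MD5 per candidate, then compare the
    known first word with the decrypted cipher stream. Returns (secret, tries)."""
    head = ciphertext[:len(known_prefix)]
    for tries, cand in enumerate(range(1 << secret_bits), start=1):
        if rc4(derive_key(cand, public, secret_bits), head) == known_prefix:
            return cand, tries
    return None, 1 << secret_bits

# Constructed sample values (not from any real session).
SECRET_BITS = 12   # stands in for the 40 secret bits
SECRET = 0xABC
PUBLIC = bytes.fromhex("00112233445566778899aabb")  # key material sent in the clear
MESSAGE = b"GET /index.html HTTP/1.0\r\n"
CIPHERTEXT = rc4(derive_key(SECRET, PUBLIC, SECRET_BITS), MESSAGE)

def demo():
    """Returns (recovered secret, candidates tried, key length in bits, plaintext)."""
    found, tries = search(PUBLIC, CIPHERTEXT, b"GET ", SECRET_BITS)
    key = derive_key(found, PUBLIC, SECRET_BITS)
    return found, tries, len(key) * 8, rc4(key, CIPHERTEXT)

if __name__ == "__main__":
    print(demo())
```

The number of candidates tried is bounded by 2^SECRET_BITS even though the derived key is 128 bits long, which is why the secret portion, not the hashed key length, sets the work factor.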

