[RC5] How are keys kept secret?

Giorgio Elsner etjazz at infol.it
Fri Apr 30 14:38:44 EDT 1999

Hi all,

Having followed for some time the discussions going on in this list, a
question came up in my mind which clearly shows that I am completely
dumb in the crypto business (which may come from the fact that I have no
secrets). I need encryption when I work with my bank via the internet
(and probably this is right so - I wouldn't want somebody else to clear
my bank account). The bank asks for 128-bit encryption, which gives me a
lot of trouble since, living in Italy and working with a Swiss bank (I'm
Swiss BTW), I'm officially not entitled to get e.g. the Netscape
Communicator with strong encryption, and SecureNet does not work
properly on a Mac. Fortunately there exists replay.com which, however,
did not upgrade Netscape for the Mac to version 4.5.1, and there is a bug
in 4.5. OK, that's life.

Now, I do not understand something. How is that encryption done in
practice? For communicating encrypted between two points, I assume that
both points have to know somehow the key used in this communication. I
personally do not know the key, of course, but the software on my Mac
must, or it wouldn't understand the received message and couldn't encrypt
the messages it sends. Now, if I were a professional hacker, I would
find a way - by disassembling the code and with real fancy reasoning - to
detect this key, even if it had a multiple of 128 bits. Following
this reasoning, there must be only one key used in the whole world or
encryption and decryption wouldn't work between arbitrary sites. Knowing
this key one would have access to all encryption of any interest going
on over the net. Thus, encryption seems to be quite useless!

There must be a flaw in my arguments; I cannot believe that so much
fuss is made about crypto if it does actually not work in practice. Is
there a link somewhere on the net which does all the work and is
securely protected? But then this would mean that the messages are sent
unencrypted over a big part of the net. Or is a new key used in every
transaction? But then this key has to be transmitted somehow and can be
read by a good hacker.

Can anybody enlighten my darkness? If I were correct in all this
(which I doubt), d.net's efforts to find a 64-bit key would seem to me
even more ridiculous than they already do (sorry, but I really wait for
something more useful to be done - the basic idea of distributed net is
too great to be spoiled by such a vanity), not to say anything about
the exportation blockade by the US government.

Juerg (Giorgio) Elsner, Piombino, Italy.
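An added illustration, not part of the original post: the mechanism the question is reaching for is key agreement, shown here as Diffie-Hellman in Python, where each side keeps its own private exponent, only the public values g^x and g^y travel over the wire, and a fresh 128-bit session key is derived per transaction without ever being transmitted. The prime and generator are constructed for this example and are not a standardised group.

```python
import hashlib
import secrets

# Toy parameters, constructed for this illustration only. P is the prime
# 2^255 - 19 (used here merely as a convenient large prime, not as a
# standardised Diffie-Hellman group); real deployments use vetted groups
# or elliptic curves, but the arithmetic is identical.
P = 2**255 - 19
G = 2


def keypair():
    """Pick a fresh private exponent x and publish only g^x mod p."""
    private = secrets.randbelow(P - 3) + 2          # 2 <= x <= P-2
    return private, pow(G, private, P)


def shared_key(my_private, their_public):
    """Both ends compute the same value, (g^y)^x == (g^x)^y mod p,
    and hash it down to the 128-bit key the bank asks for."""
    secret = pow(their_public, my_private, P)       # secret < P < 2^256
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()[:16]


def session(wire):
    """One client/bank handshake. Only the two public values are appended
    to `wire`, which is everything an eavesdropper gets to see."""
    c_priv, c_pub = keypair()    # client's secret never leaves the Mac
    b_priv, b_pub = keypair()    # bank's secret never leaves the bank
    wire.append((c_pub, b_pub))
    return shared_key(c_priv, b_pub), shared_key(b_priv, c_pub)


def demo(rounds=3):
    """Run several sessions: within a session both sides derive the same
    key, across sessions the keys differ, and no key ever hits the wire."""
    wire = []
    keys = [session(wire) for _ in range(rounds)]
    same_within = all(client == bank for client, bank in keys)
    fresh_each_time = len({client for client, _ in keys}) == rounds
    return same_within, fresh_each_time, wire


if __name__ == "__main__":
    same, fresh, wire = demo()
    print("keys agree per session:", same, "| fresh per session:", fresh)
    print("values visible on the wire:", len(wire), "public pairs, no keys")
```

Recovering the session key from the public pairs on the wire would require solving the discrete logarithm in the group, which is what makes a per-transaction key safe to agree on over an open network.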
