[RC5] 40 bit encryption, and what about implementation

Fuzzy Logic fuzzman at m-net.arbornet.org
Sat Mar 16 19:41:59 EST 2002


In this case (SSL), no-one transmits the key at all.  The master secret is
used to derive the key.

As for asymmetric encryption being slow, boy have you got that right.  The
hardware I work on can do 2400 RSA decrypts per second with an 8-engine
system, but I can beat that in software doing TDES. :)

Fuzzy
-- 
Quidquid Latine dictum sit, altum videtur.
Si hoc legere scis, nimium eruditionis habes.
Vir sapit qui pauca loquitur.
Cras amet qui numquam amavit, quique amavit cras plus amet.
Uno itinere non potest perveniri ad tam grande secretum.

On Sat, 16 Mar 2002, Gerhard Strangar wrote:

> Jeroen wrote:
> 
> > If i visit a website with 40 bit encryption, how do i know the
> > site's key and how does the site mine?
> 
> There's only one key in symmetric encryption and one party has to
> transmit it to the other one.
> 
> > If there is a man in the middle attack, the key can be 2^40 bit long
> > :-) but still insecure.
> 
> The transmission of the key is encrypted (asymmetrically). But
> asymmetric encryption is *very* slow, that's why only the key for
> symmetric encryption is encrypted this way.

--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list