1995-01-20 - Re: Netscape, RC4, key exchange?

Header Data

From: kipp@warp.mcom.com (Kipp E.B. Hickman)
To: aba@atlas.ex.ac.uk
Message Hash: bf29f6f0db142d57a93310b1e9b62b7e51690182675e7ba339b7ce6408a78a22
Message ID: <9501201949.AA17175@warp.mcom.com>
Reply To: N/A
UTC Datetime: 1995-01-20 20:25:09 UTC
Raw Date: Fri, 20 Jan 95 12:25:09 PST

Raw message

From: kipp@warp.mcom.com (Kipp E.B. Hickman)
Date: Fri, 20 Jan 95 12:25:09 PST
To: aba@atlas.ex.ac.uk
Subject: Re: Netscape, RC4, key exchange?
Message-ID: <9501201949.AA17175@warp.mcom.com>
MIME-Version: 1.0
Content-Type: text/plain



In article <19875.9501201052@exe.dcs.exeter.ac.uk>, you write:
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> grendel@netaxs.com wrote:
> > aba@atlas.ex.ac.uk wrote:
> > > I have code to generate the RSA key pairs and modulus, what I am
> > > looking for is code to factorise a number using one of the better
> > > algorithms (quadratic sieve, etc.).
> >
> >	It's been established that the encryption in Netscape is 40 bit 
> >RC4, not 40 bit RSA, [...]
> 
> Ok, so Netscape (the exported version only?) uses 40bit RC4 for
> encryption, but what about key exchange?  RC4 is a stream cypher so
> both the receiver and sender need to know the key.  Does anybody know
> what method Netscape uses to exchange keys DH, RSA, other? and what
> key sizes?

If you read the spec (http://www.mcom.com/info/SSL.html), you will see
that SSL uses RSA public key encryption for key exchange. However, the
protocol is slightly more general than that, so if there is a
different public key algorithm it is possible for SSL to support it.

---------------------------------------------------------------------
Kipp E.B. Hickman          Netscape Communications Corp.
kipp@netscape.com          http://home.mcom.com/people/kipp/index.html







Thread