From: Andy Brown <asb@nexor.co.uk>
Date: Wed, 11 Oct 95 02:08:46 PDT
To: Piete Brooks <Piete.Brooks@computer-lab.cambridge.ac.uk>
Subject: Re: Hal's Third Challenge?
In-Reply-To: <"swan.cl.cam.:012510:951010200606"@cl.cam.ac.uk>
Message-ID: <Pine.SOL.3.91.951011094131.1754D-100000@eagle.nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 10 Oct 1995, Piete Brooks wrote:

> It seems that microsoft was the one to go for, as they too use 40 bit for
> each session ....  If someone can generate the CRACKing code and someone can
> donate an example, I'd be DELIGHTED to arrange another BRUTE !

If you mean STT, they're using a hotch-potch of methods in the exportable 
version.  40 bit RC4 protects the purchase order form and receipt, single 
DES-CBC protects the financial data and they claim that direct RSA 
protects the credit card numbers although this is far from clear from the 
specification (can someone clarify this?).

So you're going to need brutedes and/or some network factoring code (the 
smallest modulus they use is 512 bits which, realistically we do not have 
a chance of attacking in a reasonable time).


Regards,

- Andy

+-------------------------------------------------------------------------+
| Andrew Brown  Internet <asb@nexor.co.uk>  Telephone +44 115 952 0585    |
| PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A  C0 1F 9F 66 64 02 4C 88   |
+-------------------------------------------------------------------------+