From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Tue, 28 May 1996 10:31:37 +0800
To: dcsb@ai.mit.edu
Subject: Re: CyberCash just did it!
Message-ID: <9605272240.AA13168@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 12:08 AM 5/28/96 +0700, peng-chiew low wrote:

According to below, it looks like the session  keys are single-DES, and they
are swapped using RSA... I'd think people would rather try cracking the DES
without bothering with the RSA -- be it 768 or 1024... (If the session key
is weak, it doesn't much matter what you send it in...)

>http://www.cybercash.com/cybercash/wp/bankwp.html#security
>
> " CyberCash transactions are protected by a powerful and sophisticated
>   system of encryption, combining DES private-key and RSA public-key 
>   encryption technologies. In fact, CyberCash's 768-bit RSA key encryption
>   capability is unique in that it is the most powerful encryption technology
>   currently licensed by the United States government for export. CyberCash 
>   also has been approved by the government for 1024-bit RSA key encryption,
>   and will be providing that technology by the end of 1996. "
_______________________
Regards,            When we ask advice, we are usually looking for 
                    an accomplice. -Marquis de la Grange
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E