From: Jeff Barber <jeffb@sware.com>
To: baldwin@RSA.COM (RobertW.Baldwin) (baldwin)
Message Hash: f714271bf99ce3acc539ca6968aaa5f90588ad7d3193fa3312d5c3b2a352a123
Message ID: <199510242006.QAA19382@jafar.sware.com>
Reply To: <9509248145.AA814557096@snail.rsa.com>
UTC Datetime: 1995-10-24 20:06:01 UTC
Raw Date: Tue, 24 Oct 95 13:06:01 PDT
From: Jeff Barber <jeffb@sware.com>
Date: Tue, 24 Oct 95 13:06:01 PDT
To: baldwin@RSA.COM (RobertW.Baldwin) (baldwin)
Subject: Re: 80 bit security from 40 bit exportable products
In-Reply-To: <9509248145.AA814557096@snail.rsa.com>
Message-ID: <199510242006.QAA19382@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain
baldwin writes:
>
> Long ago vendors should have put encryption into network layer
> products, but for a variety of reasons that effort was delayed or
> discouraged. One effect of this lack is that almost every layer of
> the network stack is adding its own encryption. For example, the
> HTTP session layer added S-HTTP and the TCP transport layer added
> SSL. Soon we will have network layer encryption with IPsec.
> The vendors for each layer can export a product that uses
> ciphers with 40 bit keys. A user can then combine multiple
> products to get more than 40 bits worth of security. For example,
> a web client might fetch an S-HTTP page over an SSL protected link
> via a firewall that supports IPsec tunnels. That's three 40 bit
> keys protecting the data over the internet link (of course, this
> may not be equivalent to a 120 bit cipher, that depends on the
> details of the cipher systems and independence of the key setups).
> Interesting possibilities.
> --Bob Baldwin
Even if you assume complete independence of key setup, if a successful
decryption at each layer can be independently detected and verified
(which seems likely in your example), there're only about 3 * (2 ^ 40)
total operations in the worst case, NOT 2 ^ (3 * 40) operations needed
to expose the plaintext. This is an effective 41.5 bits, not 120.
-- Jeff
Return to October 1995
Return to “Jeff Barber <jeffb@sware.com>”