- From: Bennet Yee <bsy@cs.ucsd.edu>
- Date: Thu, 25 Apr 1996 14:49:04 -0700
- To: dpkemp@missi.ncsc.mil (David P. Kemp)
- Cc: ietf-tls@w3.org
I haven't looked at PCTv2 recently, so a caveat. However, if you just think about how SSL and PCT work wrt exchanging a master key and hashing down to read/write keys that are 40-bits, one could imagine the passwords be protected by a >>40-bit key (probably not the master key directly, but perhaps something else derived from it). Network eavesdroppers that wish to perform an exhaustive search of the space of passwords must also determine this other key, which is difficult. This may not be a kosher way to do things wrt export, however, since one could imagine that secret messages are transmitted in this way (the password is the message) which are protected by >40-bit crypto. -bsy -------- Bennet S. Yee Phone: +1 619 534 4614 Email: bsy@cs.ucsd.edu Web: http://www-cse.ucsd.edu/users/bsy/ USPS: Dept of Comp Sci and Eng, 0114, UC San Diego, La Jolla, CA 92093-0114
Received on Thursday, 25 April 1996 17:49:22 UTC