http://www.cwi.nl/index.html
http://www.cwi.nl/~kik/persb-UK.html
http://www.loria.fr/~zimmerma/records/RSA155
http://www.rsa.com/rsalabs/html/factoring.html
http://www.rsa.com/pressbox/html/990826.html
http://www.rsa.com/rsalabs/html/rsa155.html
----------
> From: Ben Nagy <[EMAIL PROTECTED]>
> To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
> Subject: RE: SSL use RSA keys? Follow up question...
> Date: 08 September 1999 04:01
>
> Uh, that's mostly right. My understanding is as follows:
>
> DISCLAIMER: This is long, Off Topic, probably inaccurate and employs
> frequent use of sarcasm. Feel free to hit your delete key now.
>
> The Cast:
>
> Client - Armed with the latest major browser and their knowledge that they
> are at the bleeding edge of technology, wants to do s00per sec00r web stuff.
>
> Bank - Ready and willing to oblige, and is armed with an SSL server, a 2048
> bit RSA keypair and a temporary 512 bit RSA keypair which was generated last
> time it restarted. Hopefully a new 512 bit RSA key will be generated often,
> since RSA recommends a minimum of 768-bit. Note that this is only a
> recommendation that applies to The Good Guys (US residents) whereas the rest
> of us Apple Pie Hating Commie Scum should think ourselves lucky that we have
> 512 bit instead of Uncle Sam camping in our underpants and watching our
> every move like we deserve.
>
> Act I - Key Exchange
>
> Client: "Yo, www.bank.com - gimme some o' that secure action"
> Bank: "Sho 'nuff. Here are the encryption sets I know."
> <Client> Generates 48 bytes of white noise
> Client: "OK, here's my white noise. I'm unfortunate enough to live in
> AUSTRALIA, which must be some kind of HOSTILE STATE and I'm not ALLOWED to
> have your REALLY SMRT STRONG CRYPTO so I'll just encrypt it with your tiny
> 512 bit key."
> US Government: (Chilling laugh in the manner of Stalin upon contemplating
> Russia)
>
> We pause as the client and the bank both do computer stuff to the white
> noise. They'll throw in some stuff like the session id etc. When they're
> done, they will have both generated a "Master Key". These Master Keys are
> the same, but they have never been transmitted over the wire. From these
> master keys, both ends generate some other keys. Different keys are used for
> reading and writing, so there is actually more than one symmetric key that
> will be generated here. Since our hapless Client is stuck in AUSTRALIA, they
> will only be able to use a PATHETIC 40 bit key, which stands up to
> cryptanalysis like fairy floss stands up to a blowtorch.
>
> Next, optionally, we have this:
>
> Bank: Ok, buddy. So how do I know that you're really Client and not actually
> an Evil Hacker intent on gorging yourself on the tender electronic bucks
> stored in my underbelly? Show me your X.509 certificate...
> Client: Here. Ask BigCA about me - I'm the real deal.
> Bank: Hmmm...well, the certificate checks out. Welcome to ExtortionBank -
> Bank of the Future!
>
> Act II - 'secure' transaction
>
> Now, during the 30 seconds before the hackers, who are clustered around this
> exchange like acne-ridden vultures, crack the 40 bit keys, Client tries to
> get all their banking done. Any data that is sent back and forth is
> encrypted with ROT-13^H^H^H^H^H^H the 40 bit keys - no data is encrypted
> with the RSA stuff.
>
> Note that at the moment we have a SESSION. If Client opens another window,
> has a machine crash, goes for lunch, etc, they can come back to this session
> (as long as the Bank doesn't expire it) and pick up where they left off,
> without doing the key exchange thang. Recommendations are probably for
> around 24 hours, which gives the hackers 23 hours and 54 minutes of free
> range with the cracked 40 bit keys. Of course if the session is actually
> closed by the client, it's gone much sooner.
>
> Once this session closes, all those sickly 40 bit keys are discarded, never
> to be used again.
>
> So, we can see that:
>
> Should the session keys be broken, it's not that much of a big deal,
> provided that your session doesn't go on for more than the 2.3 seconds it
> takes to break 40 bit DES.
> Should the 512 bit RSA key be factored, it's bad if and only if Bad Guys are
> watching the wire at the time the pre-master-secret is exchanged. It's also
> pretty unlikely, since the latest effort took A Goodly Time (tm).
> Should the 2048 bit RSA key be factored, we'll all be VERY SURPRISED.
> US export laws for encryption suck.
>
> Thank you for your time.
>
> --
> Ben Nagy
> Network Consultant, CPM&S Group of Companies
> PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 08, 1999 7:12 AM
> > To: [EMAIL PROTECTED]
> > Subject: SSL use RSA keys? Follow up question...
> >
> >
> > To all,
> > First, to all that contributed responses so far, thank you very much for
> > being patient and providing a wealth of information to my sort of
> > clueless mind.
> >
> > I've read everyone's responses in detail. Spent hours mulling over the
> > original article in the NY Times
> > (http://www.nytimes.com/library/tech/99/09/biztech/articles/06code.html)
> > that started all this hoopla.
> >
> > What's scary, is that I think I'm getting a clue here. But I'd like to
> > submit my thoughts and a few questions to you'all for review/comment
> > before I even think I might have a clue. Here we go:
> >
> > Background: Web server using SSL 128-bit Strong U.S. encryption
> > w/compatible browser.
> >
> > My understanding of the process:
> [snip]
> > QUESTION: Is what I've said above correct? (in CEO's terminology)
> >
> > Please keep in mind that I'm from the "old" crypto days (70's & 80's)
> > before PC's. I'm trying, be gentle.
> >
> > Thanks a bunch,
> > Michael Sorbera
> > Webmaster
> > Randolph-Brooks Federal Credit Union
> >
> >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
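
The key derivation sketched in Act I, as an added example that is not part of the original messages: it follows the SSL 3.0 specification (RFC 6101) for an RC4-40/MD5 export suite, where the values mixed in with the 48-byte pre-master secret are the client and server hello randoms. The sample secret and randoms are constructed, and the function names are this example's own.

```python
import hashlib

def ssl3_expand(secret: bytes, seed: bytes, length: int) -> bytes:
    """SSL 3.0 expansion: MD5(secret + SHA1(label + secret + seed)), labels A, BB, CCC..."""
    out, i = b"", 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:length]

def export_final_key(secret5: bytes, first_random: bytes, second_random: bytes) -> bytes:
    """Export suites stretch 5 secret bytes to a 16-byte RC4 key using public randoms only."""
    return hashlib.md5(secret5 + first_random + second_random).digest()

def derive_export_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    # Master secret: 48 bytes, never sent on the wire, computed by both ends.
    master = ssl3_expand(pre_master, client_random + server_random, 48)
    # Key block layout: client MAC, server MAC (16 bytes each), then
    # client and server write-key material (5 bytes = 40 bits each).
    block = ssl3_expand(master, server_random + client_random, 16 + 16 + 5 + 5)
    client_secret, server_secret = block[32:37], block[37:42]
    return {
        "master": master,
        "client_mac": block[0:16],
        "server_mac": block[16:32],
        "client_secret": client_secret,
        "server_secret": server_secret,
        # Separate keys per direction ("reading and writing").
        "client_write_key": export_final_key(client_secret, client_random, server_random),
        "server_write_key": export_final_key(server_secret, server_random, client_random),
    }

# Constructed sample values (a real handshake uses fresh random bytes).
PRE_MASTER = b"\x03\x00" + bytes(range(46))   # 2-byte version + 46 bytes = 48
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

def demo():
    # Client and bank run the same computation independently.
    client_view = derive_export_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    bank_view = derive_export_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    return client_view, bank_view

if __name__ == "__main__":
    client_view, bank_view = demo()
    print("same keys on both ends:", client_view == bank_view)
    print("secret bits per write key:", len(client_view["client_secret"]) * 8)
```

Each 16-byte write key depends on only 5 secret bytes plus randoms that are visible in the handshake, which is why the 128-bit RC4 key of an export suite offers 40 bits of strength.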