Nagaraj Bagepalli wrote:
>
> >
> > > Does openssl support export level cipher suites?
> >
> > Yes; look for EXP in the list of ciphers. Unless you have an old
> > installed base that you cannot convert, however, do not bother.
> >
> > > which does the 40 bit DES.
> > That's because it's 40-bit RC4.
> >
> > There is 40bit DES, called CMDF. Patented by IBM. Rarely used.
>
> Is the same, CMDF, used with cipher suites like
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA? If not, how does openssl derive a 40 bit
> key to support such cipher suites?
>
It does it in exactly the same way any other export cipher is handled.
40 refers to the amount of entropy being used and not the key length. 40
bits of entropy is expanded into a 64 bit key of which 56 bits are
effectively used.
Similarly "40 bit" RC4 is in fact 40 bits of entropy expanded into a 128
bit key which is then used with RC4.
See RFC2246 Appendix C.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
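
The expansion described in the reply above, written out from RFC 2246 sections 5 and 6.3 as an added example; it is not part of the original message and is not OpenSSL's code. The function names, the `EXPORT_CIPHERS` table and all sample values are assumptions made for illustration.

```python
import hmac

def p_hash(alg, secret, seed, n):
    """RFC 2246 section 5: P_hash expansion, truncated to n bytes."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < n:
        a = hmac.new(secret, a, alg).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, alg).digest()
    return out[:n]

def prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over the second."""
    half = (len(secret) + 1) // 2        # the halves share the middle byte if length is odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5 = p_hash("md5", s1, label + seed, n)
    sha = p_hash("sha1", s2, label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha))

# Appendix C sizes in bytes: (secret key material, expanded key, IV)
EXPORT_CIPHERS = {"RC4_40": (5, 16, 0), "DES40_CBC": (5, 8, 8)}

def export_write_keys(cipher, client_key, server_key, client_random, server_random):
    """RFC 2246 section 6.3: expand 5 secret bytes per direction into final write keys."""
    material, expanded, iv_len = EXPORT_CIPHERS[cipher]
    if len(client_key) != material or len(server_key) != material:
        raise ValueError("export key material must be %d bytes" % material)
    seed = client_random + server_random     # both travel in the clear in the hellos
    iv_block = prf(b"", b"IV block", seed, 2 * iv_len)   # IVs use public values only
    return {
        "client_write_key": prf(client_key, b"client write key", seed, expanded),
        "server_write_key": prf(server_key, b"server write key", seed, expanded),
        "client_write_iv": iv_block[:iv_len],
        "server_write_iv": iv_block[iv_len:],
    }

# Constructed sample values, not taken from a real handshake.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
CLIENT_KEY, SERVER_KEY = b"\x01\x02\x03\x04\x05", b"\x0a\x0b\x0c\x0d\x0e"

if __name__ == "__main__":
    for name in EXPORT_CIPHERS:
        keys = export_write_keys(name, CLIENT_KEY, SERVER_KEY, CLIENT_RANDOM, SERVER_RANDOM)
        print(name, {k: v.hex() for k, v in keys.items()})
```

The only secret input to each final key is the 5-byte key material, so the 64 bit DES key and the 128 bit RC4 key each carry 40 bits of entropy regardless of their length.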