[12510] in cryptography@c2.net mail archive
Re: Columbia crypto box
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Feb 11 11:02:07 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
From: "Steven M. Bellovin" <smb@research.att.com>
To: "Trei, Peter" <ptrei@rsasecurity.com>
Cc: daw@mozart.cs.berkeley.edu,
"'Arnold G. Reinhold'" <reinhold@world.std.com>,
cryptography@wasabisystems.com
Date: Tue, 11 Feb 2003 10:40:51 -0500
In message <F504A8CEE925D411AF4A00508B8BE90A04D4A5D7@exna07.securitydynamics.co
m>, "Trei, Peter" writes:
>>
>If I recall correctly (dee3: Can you help?) WEP is actually derived
>from the encryption system used in the Apple Mobile Messaging
>System, a PCMCIA paging card made for the Newton in the mid-90s.
>This used 40 bit RC4.
>
>Though only a few years have passed, it's difficult to remember now
>what an encumberance the ITAR export regulations were. Essentially,
>there was a (very short) list of ciphers and modes you could export.
>40-bit RC4 was relatively easy to export. Anything better,or anything
>which had not been already approved by the NSA, faced a bureaucratic
>nightmare and huge delays if it was approved at all.
>
The 40-bit issue is orthogonal to the other problems with WEP. Look at
IBM's Commercial Data Masking Facility (CDMF), a way to degrade the
strength of DES from 56 bits to 40 bits, while still ensuring that
they didn't enable any less-expensive attack.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
