Tong, Aaron wrote:
| How long does it take to break a message encrypted using RC4 with 40bit
| secret key? What computer resource is required?
Depends how much you spend. Several students have put together the
resources to do it in a little over a day; presumably any cracker with
a sniffer could get the same at a university. The Schneier, Blaze,
Rivest, et al paper estimated the cost per key, when amortized over 3
years, to be 8 cents. ftp://ftp.research.att.com/dist/mab/keylength.ps
| Is the US Government considering to allow longer bit length to export?
| If so, what bit length will be allowed (56bit or 128bit)? How strong is
| 56bit and 128bit?
No, but they want industry to think that they are. 56 bit des
is on the verge of being breakable by a large network attempt. I
strongly counsel my clients against deploying anything at all with
OTOH, Judge Patel just ruled the ITARs to be unjustifiable
prior restraint of free speech in Northern California, in regards to
academic publication. www.eff.org should have something soon.
| Does those browser that support longer bit length (>40bit e.g. 128bit)
| can be used outside US?
Sure, as long as you didn't export it illegally from the US.
| Any advise or pointer to related site is appreciated
www.brokat.de: 128 bit SSL in Java
www.r3.ch: Something similar that I haven't looked at.
"It is seldom that liberty of any kind is lost all at once."