Columbia crypto box
Steven M. Bellovin
smb at research.att.com
Tue Feb 11 10:40:51 EST 2003
In message <F504A8CEE925D411AF4A00508B8BE90A04D4A5D7 at exna07.securitydynamics.co
m>, "Trei, Peter" writes:
>>
>If I recall correctly (dee3: Can you help?) WEP is actually derived
>from the encryption system used in the Apple Mobile Messaging
>System, a PCMCIA paging card made for the Newton in the mid-90s.
>This used 40 bit RC4.
>
>Though only a few years have passed, it's difficult to remember now
>what an encumberance the ITAR export regulations were. Essentially,
>there was a (very short) list of ciphers and modes you could export.
>40-bit RC4 was relatively easy to export. Anything better,or anything
>which had not been already approved by the NSA, faced a bureaucratic
>nightmare and huge delays if it was approved at all.
>
The 40-bit issue is orthogonal to the other problems with WEP. Look at
IBM's Commercial Data Masking Facility (CDMF), a way to degrade the
strength of DES from 56 bits to 40 bits, while still ensuring that
they didn't enable any less-expensive attack.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list