Columbia crypto box

Steven M. Bellovin smb at
Tue Feb 11 10:40:51 EST 2003

In message <F504A8CEE925D411AF4A00508B8BE90A04D4A5D7 at
m>, "Trei, Peter" writes:

>If I recall correctly (dee3: Can you help?) WEP is actually derived
>from the encryption system used in the Apple Mobile Messaging 
>System, a PCMCIA paging card made for the Newton in the mid-90s.
>This used 40 bit RC4.
>Though only a few years have passed, it's difficult to remember now
>what an encumberance the ITAR export regulations were. Essentially,
>there was a (very short) list of ciphers and modes you could export.
>40-bit RC4 was relatively easy to export. Anything better,or anything
>which had not been already approved by the NSA, faced a bureaucratic
>nightmare and huge delays if it was approved at all.

The 40-bit issue is orthogonal to the other problems with WEP.  Look at 
IBM's Commercial Data Masking Facility (CDMF), a way to degrade the 
strength of DES from 56 bits to 40 bits, while still ensuring that 
they didn't enable any less-expensive attack.

		--Steve Bellovin, (me) (2nd edition of "Firewalls" book)

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list