-----BEGIN PGP SIGNED MESSAGE----- From: Damien.Doligez@inria.fr (Damien Doligez)
This is to announce the solution of the SSL challenge posted by Hal Finney on July 17, 1995 (message-ID: <3u6kmg$pm4@jobe.shell.portal.com>), also found at: <URL:http://www.portal.com/~hfinney/sslchal.html>
Although it is hardly necessary, I can confirm the accuracy of the decryption found, and I extend my congratulations for this achievement! Ironically, I understand that an independent effort coordinated by Adam Back also discovered the key at approximately the same time. In addition, Eric Young had done a search starting at 8000000000 and upwards; unfortunately the key value of 7ef0961fa6 was only about one percent below his starting point. Hopefully Adam will supply more information. It will be interesting to see what the fallout is from this accomplishment. It should provide ammunition for the current effort by Microsoft and other companies to try to persuade the government to allow the export of full 56 bit DES. Knowing the tendency of the media and the net to oversimplify, this will probably come out as "SSL is broken" just as the RSA-129 result led to "RSA is broken" stories. This would not be as egregious an oversimplification as in the RSA case, but in fairness it should be recognized that SSL as a spec provides support for much stronger ciphers than the intentionally weakened RC4-40 which was broken here, but Netscape was constrained by the government to supply browsers with only the weak encryption. I am a little alarmed by the suggestion that this news could have some marked impact on the Netscape stock price. From our perspective this was certainly an unsurprising result (not to take anything away from Damien and others who worked on it). It is a useful reminder that the things we work on here can have profound consequences. Hal Finney hfinney@shell.portal.com -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBMDIuehnMLJtOy9MBAQHQbwH+I0YL1ewcCbXOGw8yYvKXIJMg15O0jmqW wMb6SKrethbJzpWXJBpC1oKrl8wVzPvqBCLJtfJFWcN9xD4pTOluhA== =0GPy -----END PGP SIGNATURE-----