On Sat, Sep 19, 1998 at 02:13:39PM -0700, Tom Weinstein wrote:
Arnold G. Reinhold wrote:
One question I'd like asked is whether the US Gov will approve 56-bit RC-4 for export on the same terms as 56-bit DES. That would allow export versions of web browsers to be upgraded painlessly, making international e-commerce 64 thousand times more secure than existing 40-bit browsers. (56-bit DES browsers would require every merchant to upgrade their SSL servers and introduce a lot of unneeded complexity.)
Actually, it wouldn't be any easier to deploy 56-bit RC4 than DES. Either would require roughly the same changes to both clients and servers.
Not easier technically but "easier" maybe politically. Key length seems to be held (probably wrongly) as a rough measure of crypto "strength" by journos and those in power. 40bit RC4 is weak. How strong would 56bit RC4 be? -- pgp 1024/D9C69DF9 1997/10/14 steve mynott <steve@tightrope.demon.co.uk>