17 Dec
2003
17 Dec
'03
11:17 p.m.
On Dec 13, 2:59pm, Michael Johnson wrote:
Why did the NSA require that an application using the Sapphire Stream Cipher be limited to a _32-bit_ session key instead of the well-known _40-bit_ limit for RC4? I wonder if there are other key bit leaks that cover the other 60%?
It could also be because they've made an investment in custom hardware to "crack" RC4 by justifying it in terms of the volume which will result from the special export status, whereas the volume of sapphire use they are expecting is lower and so they'll be using off-the-shelf systems to decrypt any streams seen from it. Ian.