Sometimes paranoia strikes. Since these musings are crypto related, I thought I would share them.

(1) Now everyone knows that 40 bit RC4 is weak, but just how weak is it? We know that a university CS student can break one message in a week using the university's farm of workstations. But our foremost reputation agency for crypto strength, the ITAR, allows systems with RC4-40 to be exported. What does this mean?

I combine the above with Whit Diffie's observation that, while crypto users are interested in the security of *each* message, organizations which monitor communications want to read *every* message. A TLA interested in monitoring communications would need to crack RC4-40 much faster than 1/week. Now expensive specialized cracking equipment can certainly speed up the process, but there may be a better way. If cryptanalysis of RC4 yields techniques which make the process much easier, then it is the ideal cypher to certify for export. The paranoid conclusion is that there is a significant weakness in RC4.

(2) What did Microsoft give up to export its crypto API? Well, if you were a TLA, what would you want? I think I would want an agreement to be able to insert my own code in that vendor's products. Then I would be able to have widely distributed Trojan horses signed by the vendor. I would have the opportunity to significantly weaken standardized crypto systems installed worldwide.

Conspiracy theorists, start your mailers.

-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     | [Beware the man of one     | 16345 Englewood Ave.
frantz@netcom.com | book] - Anonymous Latin    | Los Gatos, CA 95032, USA
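To put numbers on the "just how weak is it?" question in point (1), here is an added example (my own code, not from the post or any product it mentions): a textbook RC4 and a known-plaintext exhaustive key search over a deliberately small keyspace. The key, the message and the timing are constructed for illustration; the search is run at 16 bits so it finishes in seconds, and the measured rate is then scaled to the 2^40 keys of RC4-40 to show why "one message per week on a workstation farm" is the expected cost of brute force alone, with no cryptanalytic shortcut.

```python
"""RC4 and a known-plaintext key search over a small keyspace.

Added example, not part of the original post. All key, message and rate
values are constructed; the only real reference point is the published
RC4 test vector checked in rc4_self_test().
"""
import time


def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: build the 256-byte permutation S from key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Pseudo-random generation algorithm: the first n keystream bytes."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) by XORing data with keystream."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


def rc4_self_test() -> bool:
    """Check against the well-known vector RC4("Key", "Plaintext")."""
    return rc4(b"Key", b"Plaintext").hex() == "bbf316e8d940af0ad3"


def brute_force_known_plaintext(ciphertext: bytes, known_prefix: bytes,
                                key_bits: int):
    """Try every key_bits-bit key (big-endian bytes) until the keystream
    maps the ciphertext prefix onto the known plaintext prefix.

    Returns (key, keys_tried); key is None if no key matched.  With an
    8-byte known prefix a false match is a 2^-64 event per key, so the
    first hit is taken as the answer.
    """
    nbytes = (key_bits + 7) // 8
    n = len(known_prefix)
    # XOR of ciphertext and known plaintext is the keystream we must reproduce.
    target = bytes(c ^ p for c, p in zip(ciphertext[:n], known_prefix))
    for k in range(1 << key_bits):
        key = k.to_bytes(nbytes, "big")
        if rc4_keystream(key, n) == target:
            return key, k + 1
    return None, 1 << key_bits


def expected_seconds(key_bits: int, keys_per_second: float) -> float:
    """Average time to find a key by exhaustive search: half the keyspace."""
    return (1 << (key_bits - 1)) / keys_per_second


if __name__ == "__main__":
    assert rc4_self_test()
    key = b"\x13\x37"                      # constructed 16-bit key
    msg = b"HELLO, WORLD. 01"              # constructed message
    ct = rc4(key, msg)
    t0 = time.perf_counter()
    found, tried = brute_force_known_plaintext(ct, msg[:8], 16)
    rate = tried / (time.perf_counter() - t0)
    print(f"recovered key {found.hex()} after {tried} keys, "
          f"{rate:,.0f} keys/s on this machine")
    days = expected_seconds(40, rate) / 86400
    print(f"at that rate a 40-bit key takes about {days:,.0f} days on average")
```

The rate printed is for a pure-Python search, so the 40-bit extrapolation comes out far slower than the week quoted in the post; an optimized C search on a workstation farm closes that gap, which is the point: the cost of RC4-40 is set only by the keyspace size and how much hardware an adversary can afford.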