On Fri, 29 Sep 1995, Bill Stewart wrote:

Some cryptographic high points, from a brief scan. - 1024-bit RSA signatures, using PKCS#1 format. - SHA 160-bit hashes - Symmetric bulk crypto includes two options (I haven't yet seen how you choose between them; I assume it's export/domestic?) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ == RC4/64 with 24 bits of salt leaving 40 bits of real key == DES-CBC - yes, that's single-DES. IV=0.

From http://www.windows.microsoft.com/windows/ie/stt.htm:

NOTE: this document covers the International version of the STT protocol, which includes DES encryption of all financial data, direct RSA encryption of bank card account numbers, and 40 bit RC4 encryption of the purchasing order form contents and receipt. A US/Canada version of the protocol with triple-DES encryption of the order, receipt, and all financial data and direct RSA encryption of bank card account numbers will be documented and published in the near future. So it looks like single DES is now OK for export, at least it seems to be in this case where its application is strictly limited to "financial data". - Andy +-------------------------------------------------------------------------+ | Andrew Brown Internet <asb@nexor.co.uk> Telephone +44 115 952 0585 | | PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A C0 1F 9F 66 64 02 4C 88 | +-------------------------------------------------------------------------+