At 12:08 AM 5/28/96 +0700, peng-chiew low wrote: According to below, it looks like the session keys are single-DES, and they are swapped using RSA... I'd think people would rather try cracking the DES without bothering with the RSA -- be it 768 or 1024... (If the session key is weak, it doesn't much matter what you send it in...)

http://www.cybercash.com/cybercash/wp/bankwp.html#security

" CyberCash transactions are protected by a powerful and sophisticated system of encryption, combining DES private-key and RSA public-key encryption technologies. In fact, CyberCash's 768-bit RSA key encryption capability is unique in that it is the most powerful encryption technology currently licensed by the United States government for export. CyberCash also has been approved by the government for 1024-bit RSA key encryption, and will be providing that technology by the end of 1996. "

Regards, When we ask advice, we are usually looking for an accomplice. -Marquis de la Grange Joseph Reagle http://farnsworth.mit.edu/~reagle/home.html reagle@mit.edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E