Paranoid Musings

[Bill Frantz]

Sometimes paranoia strikes.  Since these musings are crypto related, I
thought I would share them.

(1) Now everyone knows that 40 bit RC4 is weak, but just how weak is it? 
We know that a university CS student can break one message in a week using
the universities farm of workstations.  But, our foremost reputation agency
for crypto strength, the ITAR, allows systems with RC4-40 to be exported. 
What does this mean?

I combine the above with Whit Diffie's observation that, while crypto users
are interested in the security of *each* message, organizations which
monitor communications want to read *every* message.  A TLA interested in
monitoring communications would need to crack RC4-40 much faster than
1/week.

Now expensive specialized cracking equipment can certainly speed up the
process, but there may be a better way.  If cryptanalysis of RC4 yields
techniques which make the process much easier, then it is the ideal cypher
to certify for export.

The paranoid conclusion is that there is a significant weakness in RC4.



(2) What did Microsoft give up to export its crypto API?

Well, if you were a TLA, what would you want.  I think I would want an
agreement to be able to insert my own code in that vendor's products.  Then
I would be able to have widely distributed Trojan horses signed by the
vendor.  I would have the opportunity to significantly weaken standardized
crypto systems installed world wide.


Conspiracy theorists, start your mailers.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz at netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA