SSL, banks, was Re: [plug] StarOffice

Christian christian at amnet.net.au
Wed Jun 28 20:58:44 WST 2000


On Tue, Jun 27, 2000 at 11:03:31PM +0800, Peter Wright wrote:
>
> > The export versions were 128 bit "capable" - that's why fortify
> > could exist. They were just crippled to normally use 40-bit.
> 
> Aha. Wonder exactly how they were crippled? *looks thoughtful* In any
> case, thank you for explaining that. That makes a lot more sense.

It's not so much that it's crippled per se.  It just won't use the
larger key length unless this is specifically enabled by the special
certificate.  The symmetric algorithm most commonly used in SSL is RC4
which is a stream cipher designed to be able to use a variable length
key.  So, if the browser is an International version then it always uses
a 40-bit key unless presented with the appropriate certificate.  If it's
a US version then it is happy to use a 128-bit key if possible. 

Regards,

Christian.
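
[Added example, not part of the original post.] A small RC4 implementation showing that the same cipher code accepts a 40-bit or a 128-bit key, with a simplified model of the key-size rule described above. The names `chosen_key_bits`, `browser_build`, `cert_enables_strong` and `server_offers_128` are hypothetical, and the sample keys are constructed.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n RC4 keystream bytes for a key of 1..256 bytes."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key scheduling: the key is cycled over the 256-entry state, so the
    # same code handles a 5-byte (40-bit) or 16-byte (128-bit) key.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Keystream generation.
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with the keystream."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


def chosen_key_bits(browser_build: str, cert_enables_strong: bool,
                    server_offers_128: bool = True) -> int:
    """Simplified model (an assumption, not browser code) of the rule above."""
    if browser_build not in ("international", "us"):
        raise ValueError("browser_build must be 'international' or 'us'")
    if not server_offers_128:
        return 40  # nothing stronger is available to negotiate
    if browser_build == "us" or cert_enables_strong:
        return 128
    return 40  # international build without the special certificate


if __name__ == "__main__":
    msg = b"constructed sample message"
    for build, cert in (("international", False), ("international", True), ("us", False)):
        bits = chosen_key_bits(build, cert)
        key = bytes(range(1, bits // 8 + 1))  # constructed key, 5 or 16 bytes
        ct = rc4(key, msg)
        assert rc4(key, ct) == msg
        print(f"{build:13} cert={cert!s:5} -> {bits:3}-bit key, ct={ct[:8].hex()}...")
```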


