Re: [P1619-3] SSL limited to 80 bits?

[Charles Martin <Charles.Martin@xxxxxxx>]

Luther Martin wrote:
> On the O&O call today I heard the claim that it's not possible to get
> more that 80 bits of security with SSL. This is probably too much
> detail to discuss on the call, so I'm asking this here. What's the
> basis for this claim? Or did I mis-hear this?


It's true for appropriate values of "SSL".  You have several choices of 
both session key exchange and cipher, and there are choices that have 
about 80 bits, or even less.  I believe (without looking it up) that 
there are standard supported choices that can give you 128 bits.  In TLS 
there are more modern encryption algorithms available and I believe it 
can be configured for more.

-- 
        Charles R. Martin | Sr Staff Engineer | Sun Microsystems
Any technology distinguishable from magic is insufficiently advanced.
                charles.martin@sun.com | +1 303 661 6532