Re: [P1619-3] SSL limited to 80 bits?

[Hannes Tschofenig <Hannes.Tschofenig@xxxxxxx>]

The answer to this question does not depend on SSL or TLS but instead 
relates to the chosen ciphersuite.
There are ciphersuites with pretty short key lenghts (originally because 
of export regulations).

When you use better ciphersuites then you get better security.

For example, you might want to take a look at this document that 
separated a few very weak ciphersuites out of the TLS specification:
http://tools.ietf.org/html/draft-ietf-tls-des-idea-01

There are obviously ciphersuites with pretty good security, for example:
http://tools.ietf.org/html/rfc3268

Ciao
Hannes


Luther Martin wrote:
> On the O&O call today I heard the claim that it's not possible to get more that 80 bits of security with SSL. This is probably too much detail to discuss on the call, so I'm asking this here. What's the basis for this claim? Or did I mis-hear this?
>