Re: [P1619-3] SSL limited to 80 bits?
I believe that the original comment may have been referring to the fact that integrity checking using SHA-1 HMAC is hardwired into SSL and TLS. But although you might be able to argue that SHA-1 only gives 80 bits of strength (perhaps even less), there's no way that you can argue that SHA-1 HMAC has the same limitation. So I don't see how you can support the claim that SSL and TLS are limited to 80 bits of strength. In particular, I believe that they're fine for transport in P1619.3.
> -----Original Message-----
> From: Hannes Tschofenig [mailto:Hannes.Tschofenig@gmx.net]
> Sent: Wednesday, April 23, 2008 2:15 PM
> To: Luther Martin
> Cc: P1619-3@LISTSERV.IEEE.ORG
> Subject: Re: [P1619-3] SSL limited to 80 bits?
>
> The answer to this question does not depend on SSL or TLS but instead
> relates to the chosen ciphersuite.
> There are ciphersuites with pretty short key lengths (originally because
> of export regulations).
>
> When you use better ciphersuites then you get better security.
>
> For example, you might want to take a look at this document that
> separated a few very weak ciphersuites out of the TLS specification:
> http://tools.ietf.org/html/draft-ietf-tls-des-idea-01
>
> There are obviously ciphersuites with pretty good security, for example:
> http://tools.ietf.org/html/rfc3268
>
> Ciao
> Hannes
>
>
> Luther Martin wrote:
> > On the O&O call today I heard the claim that it's not possible to get
> > more than 80 bits of security with SSL. This is probably too much detail
> > to discuss on the call, so I'm asking this here. What's the basis for this
> > claim? Or did I mis-hear this?
> >