Re: [P1619-3] SSL limited to 80 bits?
Yes, I think for SSL (and even IKE) it depends on
the negotiated cipher-suite and key length.
/thomas/
> -----Original Message-----
> From: Charles Martin
[mailto:Charles.Martin@SUN.COM]
> Sent: Wednesday, April 23, 2008 1:39 PM
> To: P1619-3@LISTSERV.IEEE.ORG
> Subject: Re: [P1619-3] SSL limited to 80 bits?
>
> Luther Martin wrote:
> > On the O&O call today I heard the claim that
it's not
> possible to get
> > more that 80 bits of security with SSL. This
is probably too much
> > detail to discuss on the call, so I'm asking
this here. What's the
> > basis for this claim? Or did I mis-hear this?
>
>
> It's true for appropriate values of "SSL". You
have several
> choices of both session key exchange and cipher,
and there
> are choices that have about 80 bits, or even
less. I believe
> (without looking it up) that there are standard
supported
> choices that can give you 128 bits. In TLS
there are more
> modern encryption algorithms available and I
believe it can
> be configured for more.
>
> --
> Charles R. Martin | Sr Staff Engineer |
Sun
> Microsystems Any technology distinguishable from
magic is
> insufficiently advanced.
> charles.martin@sun.com | +1 303
661 6532
>
smime.p7s