Tip:
Highlight text to annotate it
X
The second problem--the decision about what ciphers
and hash functions to use--is based on these clear text messages.
An attacker who tampers with these can make the client and server
use some very weak cipher and then be able to break messages encrypted without cipher.
This was really a problem because US Export Control Law is meant
that some of these ciphers were very weak.
It was necessary to support ciphers that use only a 40-bit key to satisfy US laws.
That meant the encryption was weak enough that it could easily be broken by brute force.
The solution to this is to make sure that these messages are also authenticated.
That can’t be done at the beginning because there is no key established yet,
but that can be done at later steps.