On Tue, 26 Aug 1997, Jason William RENNIE wrote:
Does anybody know how strong the export netscape crypto stuff is ??
Netscape3 export version usually uses RC4 with a 40 bit shared key.
Is the stuff only 40 bit crypto for export ??
Key sizes are not a very meaningful indicator of security, which is a holistic thing.
A friend asked me about the secure credit stuff and if netscape was secure for credit cards ??
I think that security in that respect probably has much more to do with the security of the server which receives your information, than with the cypher used in transit. Assure yourself that the person you send the information to is trustworthy and knows how to secure a computer system. Even weak HTTPS encryption will make it somewhat difficult for people to grab your information out of a proxy cache or log and similar trivial attacks.
So is the export copy secure ??
Compared to what? More secure than unencrypted, less secure than strongly-encrypted. More secure than Internet Explorer, less secure than Lynx. Probably. You'll probably only lose the $50 credit-card excess at most: I'd trust that to Netscape, if I was sending it to a reputable party. There's plenty of information I wouldn't trust to it.
I presuem the non-export wouldn't be to bad.
Doubled punctuation is too bad. Martin Pool PGP email preferred