Originally From shank@netscape.com Thu Aug 17 11:42:39 1995 Received: from lydia.bradley.edu (root@lydia.bradley.edu [136.176.5.15]) by spectrum.bradley.edu (8.6.12/8.6.9) with ESMTP id LAA02511 for <gpowers@spectrum.bradley.edu>; Thu, 17 Aug 1995 11:42:36 -0500 Received: from bradley.bradley.edu (daemon@bradley.bradley.edu [136.176.5.10]) by lydia.bradley.edu (8.6.9/8.6.9) with ESMTP id KAA02851 for <gpowers@lydia.bradley.edu>; Thu, 17 Aug 1995 10:39:21 -0500 Received: (from daemon@localhost) by bradley.bradley.edu (8.6.12/8.6.12) id KAA01320 for gpowers@lydia.bradley.edu; Thu, 17 Aug 1995 10:39:18 -0500 Received: from neon.netscape.com (neon.netscape.com [198.93.92.10]) by bradley.bradley.edu (8.6.12/8.6.12) with ESMTP id KAA01310 for <gpowers@bradley.edu>; Thu, 17 Aug 1995 10:39:12 -0500 Received: from [198.93.94.118] (Shank.mcom.com [198.93.94.118]) by neon.netscape.com (950215.SGI.8.6.10/8.6.9) with SMTP id IAA26102 for <gpowers@bradley.edu>; Thu, 17 Aug 1995 08:38:34 -0700 X-Sender: shank@pop.mcom.com Message-Id: <v02110107ac5914142373@[198.93.94.118]> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Thu, 17 Aug 1995 08:44:45 -0700 X-PH: V4.1@bradley To: gpowers@bradley.edu From: shank@netscape.com (Peter Shank) Subject: Netscape security Glen, We're sending this response to the press and interested parties; it may also get posted on home.netscape.com. Best regards... -Peter Late Tuesday evening a person from France posted a news article to the hacker community claiming success at decrypting a single encrypted message that had been posted as a challenge on the Internet sometime on or before July 14, 1994. His response to the challenge is described in an email that has been forwarded widely across the Internet. What this person did is decrypt one encrypted message that used RC4-40 for encryption. He used 120 workstations and two parallel supercomputers for 8 days to do so. As many have documented, a single RC4-40 encrypted message takes 64 MIPS-years of processing power to break, and this roughly corresponds to the amount of computing power that was used to decrypt the message. Important points to understand: 1. He broke a single encrypted message. For him to break another message (even from the same client to the same server seconds later) would require *another* 8 days of 120 workstations and a few parallel supercomputers. The work that goes into breaking a single message can't be leveraged against other messages encrypted with other encryption keys. 2. The standard way to determine the level of security of any encryption scheme is to compare the cost of breaking it versus the value of the information that can be gained. In this case he had to use roughly $10,000 worth of computing power (ballpark figure for having access to 120 workstations and a few parallel supecomputers for 8 days) to break a single message. Assuming the message is protecting something of less value than $10,000, then this information can be protected with only RC4-40 security. For information of greater value, currently available RC4-128 security should be used. 3. Inside the US, software can support a range of stronger encryption options, including RC4-128, which is 2^88 times harder to break. Meaning that the compute power required to decrypt such a message would be more than 1,000,000,000,000 (trillion) times greater than that which was used to decrypt the RC4-40 message. This means that with forseeable computer technology this is practically impossible. So in conclusion, we think RC4-40 is strong enough to protect consumer-level credit-card transactions -- since the cost of breaking the message is sufficiently high to make it not worth the computer time required to do so -- and that our customers should use higher levels of security, particularly RC4-128, whenever possible. This level of security has been available in the U.S. versions of our products since last April. Because of export controls it has not been available outside the U.S. We would appreciate your support in lobbying the U.S. government to lift the export controls on encryption. If you'd like to help us lobby the government send email to export@netscape.com. Finally, we'd like to reiterate that all this person has done is decrypt one single RC4-40 message. RC4 the algorithm and products which use the algorithm remain as secure as always.