Netscape 40-bit cracking. The new computing benchmark?
From Infoworld Dec 25, 1995 page 3.
Netscape Commerce Server Security Broken Integrated Computing Engines Inc. (ICE), in Cambridge, Mass. announced it has cracked the 40-bit DES [huh? not RC4] encryption in the Netscape Commerce Server. Unlike a similar security break-in [talk about bad terminology] by a French university student last August, which required eight days, 120 workstations, and two supercomputers, ICE said it used a computer that cost $83,000 and compromised the Wold Wide Web server's security in 7.7 days. [Hey, what about the Cypherpunks crack that only took 31.8 hours?] Netscape Communications Corp. officials were not surprised by the security crack. "We've known that 40-bit encryption is breakable since we shipped the server. That's the reason it's allowed to be exported," said company spokeswoman Rosanne Siino. "We need to keep lobbying to get rid of the U.S. governments 40-bit restriction on what can be exported." Within the United States, Netscape sells products with 128-bit encryption. Weld Pond - weld@l0pht.com - http://www.l0pht.com/ L 0 p h t H e a v y I n d u s t r i e s Technical archives for the people - Bio/Electro/Crypto/Radio
Weld Pond wrote: They (ICE) say that they actually ran Hal's SSL challenge. I think the mention of DES must have been an error on the part of Infoworld. --Jeff
From Infoworld Dec 25, 1995 page 3.
Netscape Commerce Server Security Broken
Integrated Computing Engines Inc. (ICE), in Cambridge, Mass. announced it has cracked the 40-bit DES [huh? not RC4] encryption in the Netscape Commerce Server. Unlike a similar security break-in [talk about bad terminology] by a French university student last August, which required eight days, 120 workstations, and two supercomputers, ICE said it used a computer that cost $83,000 and compromised the Wold Wide Web server's security in 7.7 days. [Hey, what about the Cypherpunks crack that only took 31.8 hours?] Netscape Communications Corp. officials were not surprised by the security crack. "We've known that 40-bit encryption is breakable since we shipped the server. That's the reason it's allowed to be exported," said company spokeswoman Rosanne Siino. "We need to keep lobbying to get rid of the U.S. governments 40-bit restriction on what can be exported." Within the United States, Netscape sells products with 128-bit encryption.
-- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
ObPlug: Community ConneXion does not ship a 40-bit-crippled server. (Apache-SSL)
surprised by the security crack. "We've known that 40-bit encryption is breakable since we shipped the server. That's the reason it's allowed to be exported," said company spokeswoman Rosanne Siino. "We need to keep
-- sameer Voice: 510-601-9777x3 Community ConneXion FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org/ (or login as "guest") sameer@c2.org
participants (3)
-
Jeff Weinstein -
sameer -
Weld Pond