Re: BofA+Netscape
Lads,
I thought many of you would be interested in the text of this story. I'm wondering if anyone has any comments on the excryption mechanism (i.e. "eavesdropping" protection) being used. I believe, from my visits to the Netscape (formerly Mosaic) Communications Inc. offices that they are using RSA, but I'm not sure how *secure* their implementation is (eg. key size, etc.). I'll be contacting my local branch to inquire as to how soon I'll be able to use the service and will post my experiences with it as soon as possible.
If you check their WWW page, you will find information on the Secure Sockets Layer. It explains the algorythm used (RC4) and key size (40 bits). The specification is available from a web page off of their site. With the latest version of Netscape, you can enable a "secure" connection with their site. To do so use: https://home.mcom.com/ as the home page address. (You need at least .96 to do this.) I am not certain as to their key exchange protocol... | "Encryption ROT13s your mind." | alano@teleport.com | |"Would you rather be tortured by the government | Disclaimer: | |forces or the people's liberation army?" -mklprc | Ignore the man | | -- PGP 2.6.2 key available on request -- | behind the keyboard.|
Alan Olsen says:
If you check their WWW page, you will find information on the Secure Sockets Layer. It explains the algorythm used (RC4) and key size (40 bits).
40 bit RC4 will not stop any attacker with even moderate resources; its crap. Also, its not clear we need Yet Another Encryption On Top Of Sockets protocol. .pm
In article <199412101803.KAA06370@desiree.teleport.com>, alano@teleport.com (Alan Olsen) wrote:
If you check their WWW page, you will find information on the Secure Sockets Layer. It explains the algorythm used (RC4) and key size (40 bits).
SSL allows a number of choices for both algorithm and key size. See http://home.mcom.com/info/SSL.html. The version of Netscape you can pick up from our FTP server only implements 40-bit RC4 -- the 40-bit part resulting from standard export restrictions. We have implemented and will be shipping clients and servers with 128-bit RC4 and other configurations. Cheers, Marc -- Marc Andreessen Netscape Communications Corp. Mountain View, CA marca@mcom.com
Amanda complained that Netscape pisses all over the standardization committees. Well guys, the victor has room to move. It must come as a big shock to Apple, Microsoft, and IBM, but reality is that Netscape can set WWW standards and they cannot. If they indulge the standardization committees by listening to them first, and then deciding to ignore them, the committee should be thoroughly greatful. Marc Andreessen: Hey Mark, you are at netscape. Please, tell them about Debug Windows. Tell them that when debug windows issues a "Fatal Exit" error message this means that Netscape has trashed internal windows data, and that Windows may crash at any moment for any reason. There are no benign "Fatal Exit" warnings. If it does not crash your system, it will crash a customers system. I now have a policy of rebooting after every use of Netscape. This really bad -- though not as bad as waiting for Mosaic. to finish slooooowwwwwwwwwly loading some huge document. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com
In article <9412102351.AA09781@snark.imsi.com>, perry@imsi.com wrote:
40 bit RC4 will not stop any attacker with even moderate resources; its crap.
Agreed -- that's for the export version. US-only versions of both the client and the server will use higher key lengths. Marc -- Marc Andreessen Netscape Communications Corp. Mountain View, CA marca@mcom.com
participants (4)
-
alano@teleport.com -
jamesd@netcom.com -
marca@mcom.com -
Perry E. Metzger