Full Strength Stronghold 2.0 Released Worldwide

For Release May 5, 1997

C2Net Software: Douglas Barnes +1 510 986 8770
UK Web: Dave Williams +44 113 222 0046

Full-Strength Stronghold 2.0 Released Worldwide
C2Net President Sameer Parekh Rejects Weak Keys, Back Doors

Oakland, CA - C2Net Software, Inc. announced today the worldwide availability of Stronghold 2.0, a major upgrade to their secure web server based on Apache. With this release, Stronghold has added more functionality than ever, including uncompromised security, web-based configuration, and new protocol support.

"The Stronghold web server -- like all C2Net products -- supports full-sized keys, and will never support government back doors," said C2Net president Sameer Parekh. "We have development teams around the globe working on our products, free from US export control policy. Even if some of these countries cave in to US demands, we'll still be able to produce first-rate, uncompromised security products."

Others Use Compromised Security

In a recent announcement, Netscape Communications announced plans to include government back doors in their products. "By implementing this so-called 'key recovery', Netscape is getting a small increase in key length in exchange for putting your keys in the hands of the government," said Parekh. "This is the same government that hired Aldrich Ames, the same government that has IRS employees surfing taxpayer databases at will. What do you think is going to happen to your keys?"

According to cryptography expert Bruce Schneier, "There is absolutely no business case for key recovery. Any benefit you get from longer key lengths is offset by the enormous security risk of concentrating keys in a few hands."

Current "export" versions of Netscape and Microsoft web servers use a weak 40-bit cipher that can be broken in hours by any bored systems administrator or college student with access to a few hundred idle machines. By comparison, all C2Net software can use at least 128-bit keys.

To understand this difference, imagine that the hundreds of computers needed to crack a 40 bit key in a few hours were compressed into a cube an inch on a side, and you built a computer the size of the Earth out of these cubes, it would still take this computer more than four times as long to crack a 128 bit key. It's easy to find a few hundred computers idle at any medium-sized business or university; Earth-sized computers are still relatively uncommon.

Stronghold Gaining Market Share

In several recent surveys, Stronghold has emerged as a leading contender in the web server market. An O'Reilly and Associates/Netcraft survey of secure web servers in use on the Internet found that Stronghold was second only to Netscape. The monthly Netcraft survey of all web servers on the Internet has indicated for some time that Stronghold is also the second most popular commercial web server for the Unix platform.

"We've been steadily gaining market share," indicated Parekh, "and to a great extent it's due to our firm stand that we won't sell deliberately weakened security products to our customers."

Features in Stronghold 2.0

"We've redesigned the security interfaces and built on the new Apache 1.2 code base," commented Mark Cox, Stronghold product manager at UK Web. "Stronghold has had many productivity and performance enhancements and it is now fully compliant with the new HTTP/1.1 standard."

The HTTP/1.1 standard is a significant update to HTTP/1.0, the protocol that governs how web browsers and web servers communicate. HTTP/1.1 brings many new features to the table, including improved content and language negotiation, improved persistent connections, and better recovery from interrupted transfers. (For more information on HTTP/1.1, see http://www.apacheweek.com/features/http11)

Stronghold 2.0 also includes a web-based configuration manager, allowing web administrators to securely administer their sites from the web browser of their choice.

"We've had a lot of requests for this feature as Stronghold has grown in popularity," said Douglas Barnes, C2Net Vice President.

On the security front, the new release includes support for Secure Sockets Layer (SSL) version 3, which provides stronger security and more flexibility in choosing ciphers.

Background

UK Web Limited is a leading Internet services company specialising in server technology, Internet security, business solutions and effective site design.

C2Net is the leading worldwide provider of uncompromised network security software.

Netscape Navigator and Netscape Enterprise are trademarks of Netscape Communications Corporation. Microsoft Internet Explorer and Microsoft Internet Information Server are trademarks of Microsoft Corporation. Stronghold and SafePassage are trademarks of C2Net Software, Inc.

Portions of Stronghold were developed by the Apache Group, and were taken with permission from the Apache Server http://www.apache.org/. Stronghold also includes software developed by Eric Young (eay@cryptsoft.com).

sameer <sameer@c2.net> writes:
For Release May 5, 1997 C2Net Software: Douglas Barnes +1 510 986 8770 UK Web: Dave Williams +44 113 222 0046
Full-Strength Stronghold 2.0 Released Worldwide C2Net President Sameer Parekh Rejects Weak Keys, Back Doors
Oakland, CA - C2Net Software, Inc. announced today the worldwide availability of Stronghold 2.0, a major upgrade to their secure web server based on Apache. With this release, Stronghold has added more functionality than ever, including uncompromised security, web-based configuration, and new protocol support.
Remember: if you comment on the fact that one can't examine this product's source code for security holes, you'll get threatening letters from C2Net's lawyers: Helena Kobrin, Cantor, & Siegel.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

on or about 970504:2140 dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) expostulated:

+Remember: if you comment on the fact that one can't examine this
+product's source code for security holes, you'll get threatening
+letters from C2Net's lawyers: Helena Kobrin, Cantor, & Siegel.

attila sez:

well, as far as I am concerned, bully for Sameer's lawyers.

anyone who does not provide source code for an [in]security product, particularly one based on an open source product HAS SOMETHING TO HIDE.

anyone who refuses to show his code not only has something to hide, but has probably SOLD OUT to our invasive creeping slime non-representative government.

Bill Clinton had the audacity to say at UConn something to the effect: "...censorship [loss of freedoms] is the first step on the road to tyranny...." $%&* HYPOCRITE!

lawyers are lawyers, they make great emergency rations, and they taste like chicken, really.

______________________________________________________________________
Lord grant me the serenity to accept the things I cannot change;
The courage to change the things I can;
The weapons that make the difference;
And the wisdom to hide the bodies of the people I had to kill because they were in the way.
______________________________________________________________________
"attila" 1024/C20B6905/23 D0 FA 7F 6A 8F 60 66 BC AF AE 56 98 C0 D7 B0

sameer wrote:
In a recent announcement, Netscape Communications announced plans to include government back doors in their products. "By implementing this so-called 'key recovery', Netscape is getting a small increase in key length in exchange for putting your keys in the hands of the government," said Parekh. "This is the same government that hired Aldrich Ames, the same government that has IRS employees surfing taxpayer databases at will. What do you think is going to happen to your keys?"
This is utter crap, and I'm sure you know it. All we're going to do is provide an OPTIONAL (and I mean really optional, not the way the feds use it) way for administrators to recover private keys. This is not GAK. I will never work on a product that includes GAK.

Oh, but I guess saying that Netscape is responding to customer requirements by including support for corporate key recovery wouldn't make such good press release spam.

--
You should only break rules of style if you can | Tom Weinstein
coherently explain what you gain by so doing.   | tomw@netscape.com
Participants (4): Attila T. Hun, dlv@bwalk.dm.com, sameer, Tom Weinstein