Does anybody know how strong the export netscape crypto stuff is ?? Is the stuff only 40 bit crypto for export ?? A friend asked me about the secure credit stuff and if netscape was secure for credit cards ?? So is the export copy secure ?? I presuem the non-export wouldn't be to bad. Jason
On Tue, 26 Aug 1997, Jason William RENNIE wrote:
Does anybody know how strong the export netscape crypto stuff is ??
Netscape3 export version usually uses RC4 with a 40 bit shared key.
Is the stuff only 40 bit crypto for export ??
Key sizes are not a very meaningful indicator of security, which is a holistic thing.
A friend asked me about the secure credit stuff and if netscape was secure for credit cards ??
I think that security in that respect probably has much more to do with the security of the server which receives your information, than with the cypher used in transit. Assure yourself that the person you send the information to is trustworthy and knows how to secure a computer system. Even weak HTTPS encryption will make it somewhat difficult for people to grab your information out of a proxy cache or log and similar trivial attacks.
So is the export copy secure ??
Compared to what? More secure than unencrypted, less secure than strongly-encrypted. More secure than Internet Explorer, less secure than Lynx. Probably. You'll probably only lose the $50 credit-card excess at most: I'd trust that to Netscape, if I was sending it to a reputable party. There's plenty of information I wouldn't trust to it.
I presuem the non-export wouldn't be to bad.
Doubled punctuation is too bad. Martin Pool PGP email preferred
-----BEGIN PGP SIGNED MESSAGE----- In <Pine.SOL.3.91.970826221440.2575A-100000@hardy>, on 08/26/97 at 10:16 PM, Jason William RENNIE <jrennie@hardy.ocs.mq.edu.au> said:
Does anybody know how strong the export netscape crypto stuff is ??
Is the stuff only 40 bit crypto for export ??
A friend asked me about the secure credit stuff and if netscape was secure for credit cards ??
So is the export copy secure ?? I presuem the non-export wouldn't be to bad.
They are both crap. Never trust a company that will not release their source code. BTW those cute little Verisign certs, well Verisign collects the info you use to fill those out and resells them. Yes this is a company I would trust. Honest :) - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBNALCaY9Co1n+aLhhAQEIrwQAml4qgc73JVZYNYliIq0LrkpWbKLMxR39 +BIvXXBjOLtpLc8LztFDIhA5Kui+jmYxmbSSHrGL13WlxC65YTzUnmvo7A6swlKt HykX5Ff7ZcR80EM2Miniw4+S2uPOhiU1CpvJzE1R4sQsgfX3SdfjMGyL+ZvYvfHR h58+wzxoxcw= =rbV0 -----END PGP SIGNATURE-----
participants (3)
-
Jason William RENNIE -
Martin Pool -
William H. Geiger III