CDR: Re: Lions and Tigers and Backdoors, oh, my...
brflgnk at cotse.com
Wed Sep 27 19:31:35 PDT 2000
The words of Steve Furlong:
-- begin quote --
I've been trying to find evidence of this, too. I've sent messages to
self from several versions of Netscape Messenger on Windows and FreeBSD,
then examined the headers.
-- end quote --
You're looking in the wrong place. The "help fields" would be somewhere in the
SSL tunnel setup. That's where the Wells Fargo case came to light. Suddenly
one day, the banking site required me to "upgrade" my browser, allegedly because
of an expired certificate. As others have mentioned, simply upgrading the cert
itself didn't satisfy the site.
So ostensibly, the NSA, et al, have a bit of assistance in cracking the 128-bit
SSL session. You may recall a few years ago when the information lifetime of
40-bit SSL fell somewhere below 3 hours, given access to enough parallel CPU
(like a college workstation farm). Moore's Law hasn't slowed down. I'd be
surprised if 40-bit could stand much more than an hour of dedicated attack
today, if even that. And these rumored "help fields" could easily reduce the
keyspace far below 40 bits, if they don't simply expose the whole key to a
knowledgeable eavesdropper.
"They" don't care much about your email... "they" want your bank balance and
credit card numbers.