Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Netscape The Internet

Netscape Receives Strong Crypto Export Permission 137

Posted by Hemos from the letting-it-out-at-last dept.
Greg Miller writes "According to this article , Netscape has received approval to distribute the 128-bit encryption version of Communicator outside the U.S. They've also received limited permission to distribute SuiteSpot servers with strong encryption." [Update: 12/05 03:42 by michael : Slashdot got burned, this article is bogus. See below.]

Update:: We were fooled. Someone posted this on http://www.activewin.com/frames/frmhome.shtml as new news (suckered them!), which apparently misled the slashdot submitter and us. This is an old press release from 1997 talking about exporting software for certain specialized banking purposes. As far as I know, it's still illegal to generally export 128-bit crypto products.

Thanks to the alert posters in the threads below and to alecf who was bright enough to submit it in the stories inbox (which any of the assorted slashdot authors who are online might be reading) for a fast response. Sorry for the "desinformation" (is that a pun?).
This discussion has been archived. No new comments can be posted.

Netscape Receives Strong Crypto Export Permission More

Netscape Receives Strong Crypto Export Permission

Comments Filter:
  • Thawte actually sells a certificate for the standard $125, plus a $200 one-time enrollment, that will allow netscape 4.7, ie5.x, to "unlock" the 128bit encryption that's in the browser, but just been disabled, during a visit to your site.

    There's been a utility around for quite awhile that just flips a couple bits in your exportable netscape executable, and wala, you've got full 128bit SSL.

  • > ...www.fortify.com...

    You mean: www.fortify.net [fortify.net]

    --j

  • I didn't read the article as I learned it was bogus, but this is relevant...

    My share trading account with Barclay's Stockbrokers Ltd in the UK [barclays-s...kers.co.uk] doesn't work with a Browser that doesn't have 128-bit encryption capabilities.

    It's not the case that my IE/Netscape is the US version with 128-bit as standard, but it does have some 128-bit capability.

  • Unfortunately, this sort of juke is frequently used against the defendant-- a good (read: vicious) prosecutor will hammer on such memory lapses as the trial progresses, using it to make the defendant seem unreliable:(please pardon the histrionics)

    "So, Mrs. Jones, you expect us to believe that you can positively remember not raping and eating babies on the evening of May 3, 1989?"
    "Yes, I neither raped nor ate a baby ever, including May 3 of 89."
    "Well, this is strange to me, that you can so positively recall not doing something. May I remind the court that this is the very same Suzy Jones who on Monday could not remember her 98 character passphrase, but on Tuesday suddenly was gifted with total recall, not erring by a single character, despite the fact that this 'passphrase' is, to you and I, nothing more than a nonsensical string of uppercase letters, lowercase letters, numbers and punctuation. Will you, perhaps, tomorrow remember eating these babies, ma'am?"

    ... and so on. The only reason that Ollie North so successfully applied the "I cannot recall" defense was because the folks prosecuting him weren't really very interested in convicting him of anything serious.

    Again, food for thought. Let me reiterate how much I appreciate all of this feedback. Please, everyone, feel free to drop me an e-mail as other angles on this situation occur to you. I'm always anxious to hash this over.

    -"S"HM

  • now hopefully people can feel more secure with their credit card on line.

    Why? I guess if you're worried about people's irrational feelings..

    One of the most labor and resource intensive ways to get credit cards is by sniffing 40 bit SSL traffic and decrypting that. I wouldn't be surprised if it has never happened. There would be no motive for it.

    In most situations, the 40 bit SSL connection will be the most secure the card number is at any point in its journey.

    A more reasonable way for someone to get your credit card is by stealing a stack of carbons from their retail job. Or copying the database off of the "secure" webserver.

    And even then, it doesn't matter to you. It's the bank's problem. You have laws protecting you, and will find it very easy to get the charges removed. Considering how laughably insecure credit cards are, it's obvious that the banks don't care too much.

  • It's far worse to think courts will be able to subpoena private keys than that prosecutors might invent incriminating plaintext and claim it was derived from a defendant's cyphertext. You wouldn't have to reveal your key just to demonstrate that a particular plaintext wasn't encrypted by it.
  • Does this mean that other like Red Hat, Debian ..ect can include the 128 bit versions on their distribution CDs and their ftp sites for all to use?

    It's been frustrating not having readily available Netscape RPMs with strong encryption.

  • The NSA just realized that if they allow strong e-commerce crypto, but still block strong email encryption, the big companies will stop complaining and we'll never be able to export PGP (legally, that is!).

    Exactly. A lot of the noise towards opening up the U.S.'s export restrictions on crypto have been coming from big companies that want to do e-commerce. Greater e-commerce is in the U.S. government's best interest, as American companies currently dominate that scene, and stand to make a lot of taxable income if the whole world can use strong encryption to buy from them.

    Once those companies get strong encryption exports for e-commerce, they'll be quiet and happy. No one will be strongly lobbying (with money to really make the government change its mind) for further opening up, and exports of crypto in other areas like email will never happen.

    Plus, I'm sure the intelligence impact to the NSA of not being able to read https connections is minimal, unless it turns out that they're using credit card fraud to supplement their budget or something.

  • It is interesting to note how this seems to fall in line with the Microsoft trial. If it is the case (as it seems to be) that this crypto export allowance has only been given to Netscape it would seem like the government is starting to work towards breaking the Microsoft dominance by giving its compeititors an advantage (if only in a PR sense).

  • the key phrase being "brute force attack" (Score:1)

    by Anonymous Coward

    Mr. Schneir is very correct, as usual (the man is an absolute godsend for those of us that like encryption but don't like working for a gov :) ). But note that those figures assume a brute force attack. Just as there is more than one way to skin a cat, there is more than one way to break encryption. IIRC brute-force is analogous to the worst-case scenario from algorithmic analysis, in that it can't get any less efficient than that (i.e. any special tricks or shortcuts save cpu time).

    Now, understand that I am by no means a conspiracy theorist, but the NSA (and similar governmental agencies) have many, many things going for them when it comes to breaking codes: money (lots of it, were talking on a government, a-million-bucks-is-lunch-money scale), brains (lots and lots of really intelligent people really into their jobs in close proximity to one another), and time (they've been doing this for decades non-stop since the late forties, admittedly not with the current algorithms but half of those they came up with).

    *shrug* It isn't the NSA I'm worried about anyway when it comes to my browser, just some snot-nosed punque with a sniffer his big brother coded... ;^)

  • That only applies to a brute force attack. There's always the possibility that they've found some fancy mathematical trick to speed the process up by a few million orders of magnitude.

    Well, breaking RC4 seems significantly more likely than a 128 bit brute force, but OTOH you can change which ciphers you use. If the NSA could break any SSL cipher, that's bad, since TripleDES, RC2, and RC4 are all used by SSL (well, IDEA is in there too but nobody uses it). If TripleDES is broken, you can safely say that all is lost. It's used in everything: S/MIME, PGP, GnuPG, banks use it, basically anything you can think of uses it. And you can set it to use TripleDES only if you want (I do). In any case, if nobody but the NSA can break RC4 (if an academic discovered an attack it would be published by now), then I'm pretty happy: as I've stated elsewhere, they don't want my CC #. And that's all I'm protecting with SSL.

  • Desinformation (Score:3)

    by Anonymous Coward on Sunday December 05, 1999 @07:43AM (#1478286)
    This information is out of date, and the /. story is just a heap of desinformation.

    The article mentioned in the story is several years old and the only export that has been approved is the capability to unlock stron encryption when talking to servers that present a particular kind of certificate.

    Please, check your stories!
  • Plus, I'm sure the intelligence impact to the NSA of not being able to read https connections is minimal, unless it turns out that they're using credit card fraud to supplement their budget or something.

    LOL. So that's how they afford all that computing equipment!!!
  • You are making presumptions about the legal system which have yet to be demonstrated. Who is to say that any court will accept any plaintext that was not produced under the aegis of the court system as a decrypted version of the ciphertext in question? Is that any different than hearsay? I suspect that the court would demand that the ciphertext be decrypted under the presence of court appointed administrators.

    As an example, DNA testing is sent to court approved labs. I have yet to see a court allow a lawyer walk in with his own DNA tested evidence by an unkown testing entity.

    I know it is the modus operandi here to adopt the most paranoid stance with regard to data privacy and any actions that would seem to undermine it, but people need to stop and think before voicing their opinions. It seems that most people grab the first thing that jumps in their mind and jot down a couple of lengthy paragraphs in the hope that their words can reinforce their shallow thinking.

  • If the NSA has found a shortcut to dramatically reduce those times, then they would allow 128 bit encryption through because it is now trivial for them to crack it. Incase you haven't been paying attention the NSA hasn't been licensing anything above 56 bit until today. That means that they've either given up on trying to keep encryption from spreading, or they've found a shortcut.

    Don't assume that just because *you* don't have the resources *they* don't.

  • Maybe Netscape will be able to turn the tide of IE if it is the only browser that is 128bit in the Non-US market.

    Of course, the Non-US made browsers already are going to have 128Bit Encryption in them. How long until IE is 128Bit is exportable?

    And again, of course, how hard is it to gte a 128Bit Encryption browser outside of the US? Not very!

  • noooo (Score:1)

    by Anonymous Coward
    Okay, I live in Canada, and I say they better give us in US/Canada stronger crypto..... sure the rest of the world needs stronger crypto, but I still want 256 bit or higher.

    How can this not break many laws in the us anyhow?

    nil*
  • what is the real purpose in having only certain programs exportable with 128-bit encryption? Once one browser is exportable, the cat is really out of the bag. Not that it hasn't always been obtainable...

  • ... (Score:3)

    by Signal 11 ( 7608 ) on Sunday December 05, 1999 @07:06AM (#1478293)
    Paranoid amongst us: take note. The NSA no longer considers 128 bit encryption secure enough to trouble them.

  • Ummm, is this out of date? (Score:4)

    by Joe Decker ( 3806 ) on Sunday December 05, 1999 @07:07AM (#1478294) Homepage

    The comment about DESCHALL having broken 56 bit "last week" was suggestive to me, but at the bottom, note:

    SOURCE Netscape Communications Corp. -0- 06/24/97

    Past news. Ah well.

    --j

  • Now people outside the U.S. won't have to make the little visit to fortify.net afterwards :-)

    It was always incredibly easy to get it anyway, but it's nice that there's now government permission. Definately a step in the right direction.

    --
    grappler
  • now hopefully people can feel more secure with their credit card on line.
  • You know, I'm sure the US government would just love to allow Netscape to export strong encryption with a nice backdoor built in to it... Unless Microsoft receives a similar agreement, I'd be very suspicious of that crypto.

    ~=Keelor

  • Good catch, I should've noticed the name change not having been picked up.

    I also see that the contact phone numbers are listed as being in the 415 area code. Netscape (err, AOL Mountain View) changed area codes (to 510) some time back.

    --j

  • Before badmouthing Slashdot, how about consulting a dictionary, as there is no such word as "desinformation".
  • a massively nondeterministic attack on the RSA (key-exchange) portion of the SSL protocol...

    Hrm... hadn't thought of that. But it would be a bit extreme at this point, I think. We're at, what, 3 qubits now? So the NSA can't have more than 15 or so (keeping in mind they've usually about 2 - 5 years ahead of the public state-of-the-art, based on what we've seen released (SHA-1, Skipjack, etc)). And even if what you suggest were true, a 1024 bit RSA key would still be a non-trivial effort.

    Also mind that the NSA is not going to be brute forcing your keys (wasting their computing cycles) to recover your CC number.

    Right. Even if the NSA can read it, who cares? The NSA doesn't want it, 37337 h4x0r's do, and they can't break it.
  • The exact same 1997 press release can be found here [netscape.com].
  • Who, exactly, said anything about brute forcing? Come on. It's the NSA.

  • Re:... (Score:3)

    by Issue9mm ( 97360 ) on Sunday December 05, 1999 @07:58AM (#1478307)
    Actually, from what I got out of the article, 128 is only acceptable (at least at this point) between SuiteSpot servers and Netscape browsers. They're not going to implement any more encryption into the browser.

    This has been around for awhile, as Server Gated Crypto, and both IE and Netscape have this functionality. It's not that the NSA can break it (although I'm in no position to say that they can't, it's still possible), but that the only transactions being encrypted in this manner are going to be hand picked, to issue certificates, and probably only for bank/commerce transactions.

    PS, all ACs, notice how I get my point across WITHOUT having to call him a karma whore? or bash his use of "..." as a subject. Remember, it's a free world, and it's his prerogative. Some of us actually appreciate intelligent conversation, regardless of its intent, and (last time I checked), he's still perfectly free to choose whatever subject he wants.

    I'll shut up now and post so that I can be flamed.

  • "I suspect that the court would demand that the ciphertext be decrypted under the presence of court appointed administrators."

    One would suspect this-- I'd love for it to be the case-- but it won't be, not if the Clinton Admin's present stance becomes policy. The specific power that law enforcement agencies would be granted would be the right to not have to reveal how they arrive at plaintext (similar to the right law enforcement currently has to not reveal sources of "anonymous" tips.) The right to not-reveal would include the power to not have anyone looking over their shoulder (who has oversight over the NSA?) Remember, this isn't like a lawyer wandering in with his own evidence; this is the cops wandering in with their own evidence-- which is entirely normal.

    I recognize that this reads as paranoid clap-trap, but I do believe this threat is very real. Witness the kinds of abuses committed by the Phillie PD or LAPD, each of which are currently being investigated on several thousand counts of fabricating evidence, as well as sundry other abuses.

    (pardon the spelling-- I'm in a hurry) -"S"HM

  • If the NSA has found a shortcut to dramatically reduce those times, then they would allow 128 bit encryption through because it is now trivial for them to crack it.

    Huh? That's my point: there is no way to do a 128 bit brute force, at least not on an abstract cipher. Even a quantum computer will only be able to break in with 2**64 effort (or 2**84 with 168 bit 3DES keys). A quantum computer with that kind of power is decades away, and while the NSA does have advanced tech, it's highly unlikely that they're 20 years ahead of state-of-the-art.

    If they can find a weakness in the cipher, sure. Finding a weakness in 3 ciphers (RC4, RC2, and 3DES) at the level where brute forcing the key is feasible seems highly unlikely. And if they can break TripleDES there's not much point in encrypting anything. 3DES has been studied for the last 20 something years, and never broken (publicly). If the NSA can break it, they can probably also break any other cipher out there.

    Don't assume that just because *you* don't have the resources *they* don't.

    LOL. I'm not assuming anything based on my capabilities. I could maybe break a 40 bit key, given a few weeks or so (on my computers, not by hand!). If they had to, the NSA could brute force a 64 bit or even 72 bit key. If the algorithm was bad I'm sure they could do much better.
  • Actually, they have a functioning 5 or 6 qubit prototype over at MIT, in Seth Lloyd's research group, I believe. But perhaps some unforeseen (maybe non-NMR based) appraoch to QC has been devleloped by the NSA. *shrug*
  • From the article:
    ... 128-bit key is more than 309,485,009,821,345,068,724,781,056 times harder than a 40-bit key ...
    So someone thought it would be cool to calculate 2^128/2^40. Hmph! But, anyway, my point is, you have to be careful about such numbers. Admittedly, using longer key lengths will give you exponentially stronger encryption, but it doesn't scale so neatly all the time. Ask Bruce Schneier. A lot of factors come into play in determining the final entropy: the way the key is used (how many bits are actually relevant), how much entropy in the PRNG (pseudo random number generator), etc. Just nitpicking on details I guess, but something to remember anyway.

    Sreeram.

  • Netscape will be able to use 128bit with more servers. That doesn't really change anything for most users. The only servers will still be those approved by the U.S. govt.

    On the other hand, Opera will use 128bit with any server, not just those approved by the U.S. The beta is due this month.
  • I've never heard of any institutions (banks etc) offering 128-bit secure connections outside of the US

    They absolutely do. Barclaycard [barclaycard.co.uk] have 128-bit encryption on their servers, which cause International editions of IE to act oddly.

    rOD.
  • That's my point: there is no way to do a 128 bit brute force, at least not
    on an abstract cipher. Even a quantum computer will only be able to break in
    with 2**64 effort (or 2**84 with 168 bit 3DES keys). A quantum computer
    with that kind of power is decades away, and while the NSA does have
    advanced tech, it's highly unlikely that they're 20 years ahead of
    state-of-the-art.

    The point is that they might not have to brute-force it. It's possible that they've found a way to factor very large numbers, a breakthrough which would render all the current ciphers useless. In addition, the NSA being 20 years ahead of the public is not unheard of. Hopefully someone who knows better than me can elaborate, but I believe that when DES was being developed, the NSA made some suggestions that no one could figure out. They seemed useless at the time, but 20 years later, when the public discovered differential cryptanalysis, the suggestions were what kept the cipher safe. The logical conclusion would be that the NSA knew about DC 20 years before the public.
  • This IMO, is not good news. Since this excemption only applies to Netscape Communicator, it will presumably not extend to Mozilla as such.

    I don't want a proprietary extension to the open source browser, I want strong encryption to come in the open source distribution.

    The only good thing I can see in this is a thorn in the eye of Internet Explorer, but even as such I can't see it as having significant effect, the exportation laws are by neccessity more of a hinderance to truely international development efforts like the Open Source community than proprietary developers.

    The silly exportation rule need to come down completely. Granted if this is a first step, that could be a good thing, but it will probably be long until the good old American paranoia steps back. Until then this can only serve to unfairly unbalance the market. Similar allowances will probably soon follow for IE, which means that browsers that distribute source with their programs will be the loser.

    Eythain

  • It's possible that they've found a way to factor very large numbers, a breakthrough which
    would render all the current ciphers useless.

    Unless Diffie-Hellman key exchange were used instead of RSA (and DH is in SSL3). And for sym ciphers, there isn't anything basic that you can point to, and say "we can do this, so we can break this". The only real relation between, say, RC4 and 3DES is that they both use large secret keys.
    So the only attack which can break both is a brute force attack. And as someone pointed out, breaking the key exchange will break SSL. But just being able to factor won't help you much in DH is used (tho I will admit that DH is not used much in SSL).

    And more to the point: if the NSA can break RSA, why don't they let PGP be exported? It won't stop them!

    The logical conclusion would be that the NSA knew about DC 20 years before the public.

    Indeed, as did the team at IBM (and if you try to tell me that the NSA told the IBM team about it, I'll laugh). The NSA asked them not to tell, and they agreed. In fact, the team (specifically Coppersmith), claimed that they invented the entire thing. There's a quote by him somewhere, something like "The NSA did not dictate a single wire!", presumably refering to the fact that it was done in hardware.
  • It's just one guy who keeps posting those comments - not a small group. There's only about 5 people on /. that have had a problem with my posts and only one or two of them are trying to overwhelm people by posting multiple times to anything I post. It's jealousy, plain and simple. Rob has recently turned off karma scores on personal pages for this reason, so hopefully this kind of crap will come to an end. Just ignore them for now, or go here [slashdot.org] and post some flames to him instead of bothering the general readership...
  • The former definitely sounds like a good idea-- except for in the case that the law enforcement agency argues that the defendant tacked on a bogus MD5 so as to be able to use a "MD5 sigs don't match, therefore the cops are lying" defense. (There are cases like this where police have successfully argued, for example, that a left-handed defendant was demonstrably guilty of a stabbing committed by a clearly right-handed perp by arguing that the defendant purposefully used his less-skilled hand so as to throw up a red herring. If I'm remembering correctly, this legal argument is a personal favorite of British investigators looking in to crimes attributed to IRA friendlies.)

    In the latter case, the defendant would have to expose her private encryption key to the courts (seeing as how persons being prosecuted definitely don't retain the right to keep their encrypt/decrypt methods secret.) Thus, she'd, again be forced into giving herself away to one extent or another.

    -"S"HM

  • (score: -1, using the words "karma whore")

    Get over yourself Signal_11.

    The moderation here is screwed up, and everyone knows it. We are sick of seeing your posts moderated up to +4 or better just for pandering to the prejudices of the moderators. We know that the way to get points is to extoll the virtues of Linux, bash Microsoft, and flam Mac users. That's not the point of a comments page. It's for posting your opinion not for sucking up to the moderators.

    You abuse the system. It's as much the moderators' fault as yours, but since the moderators are anonymouse, there's no way to flame them, and thus you get to bear the brunt of our frustration. But then, what did you expect for selling yourself out to gain slashdot karma?
  • Now it will take the script kiddies your local cable segment 3 hours to crack the encryption for your credit card transaction rather than 5 minutes. This is truly a momentus occasion.

  • Re:Desinformation (Score:3)

    by JohnG ( 93975 ) on Sunday December 05, 1999 @08:36AM (#1478326)
    Yes there is! I will use it in a sentence
    "When yous comes to Slashdot yous can git desinformation, dats all about da issues." It's obvious to me that the poster is either from the ghetto or was an extra on deliverence. :)

  • Rob has recently turned off karma scores on personal pages

    He did?

    User Info for Signal 11 (7608)
    http://www.malign.net
    signal11@mediaone.net?Subject=Slashdot
    Karma 279 (mostly the sum of moderation done to users comments)

    Karma whore or not, 279 is pretty damn impressive :)
  • <shrug> The difference between slashdot and the news media you're used to is that they don't tell you when they get the story wrong.
    --
    Michael Sims-michael at slashdot.org
  • There would probably be serious issues with "financing rogue elements" in other countries if US companies were to actually try to finance such work.

    Can you imagine the hysterics some people would get into if SGI were to pay someone in the Netherlands to produce non-US-exportable computer hardware for export to China? That could seriously hamper domestic efforts to simply get the restrictions eased/lifted.

    In any case, they'd have to get the people writing the code outside access to the strong crypto code, or at least hooks to it. There might be more legal trouble with that than simply exporting the binary-only software.

    Oh well.

    Jon
  • https://www.fortify.net/README_main.html#compariso n
    or without https http://www.fortify.net/README_main.html#comparison

    This is Fortify for Netscape, a program that provides world-wide, unconditional, full strength 128-bit cryptography to users of Netscape Navigator (v3 and v4) and Communicator (v4).

    What exactly were you trying to say? Were you correcting me on something? I know what fortify is - that's why I made the comment I did.

    --
    grappler
  • Maybe Netscape will be able to turn the tide of IE if it is the only browser that is 128bit in the Non-US market.

    *cough*Opera*cough*

  • I don't know. The feds aren't really the bad guys. At least to our businesses here in the U.S. They just want to make sure we have all the possible advantages over foreign competition. And what's so bad about that? The Japanese government is 10x worse any day of the week.

    And when you think about it, the fed is only acting in their own interest. I mean, the taxes from American businesses help pay their taxes. They get nothing from foreign companies.

    So, I tend to think that things are pretty much as they should be as long as the feds don't bite the hand that feeds it.
  • Thats exactly what popped into my mind when I read the article. Why Netscape? What did Netscape offer to get this "special" treatment? Why not all the other software devs? My company still has 2 versions of its software. One for domestic and one for international delivery.

    I also noticed some interesting "this is great, will give netscape an advantage over microsoft" posts. Intersting how many slashdotters hate government control until it can hurt MS. It can also give Netscape an advantage over a number of other private and open source companies who want to export too. Don't forget that in your war cries against MS. If the feds can attack MS, they can attack you too.

  • Maybe I'll continue to use Fortify just in case. I cannot see the Oz gov. taking any notice of me 8-)
  • The cat has been out of the bag all along. We, in the rest of the world, have had 128 bit as long as you. Your gov. are finally see that all they are doing is making markets abroad.
  • Yes, definitely-- I feel like a dink for not having seen that. But, the defendant can still be forced into the "perjury trap":

    the court requests that she divulge her private key. She refuses, claiming to not be able to remember the key (just about her only recourse, short of simply giving them the key.)

    the law enforcement agency brings forth their cryptotext and dummied plaintext, which reveals the defendant to have been embroiled in all manner of nefarious business.

    the defendant's only defense is to come forward with the session key, which she can only retrieve with her private key-- QED she knew the key all along. Perjury. Unless she's the president, she's going to get hucked into teh slammer.

    I don't want this nit-picking to detract from your point: the session key angle is good, and I'm really glad that you brought it forward. Goes to show that you can't keep a good algo down.

    If we can find a way out of the "perjury trap," I'll finally get to sleep soundly again. -"S"HM

  • See, the worst part is that lately, Sig11 has been posting replies to the AC's, defending himself, laughing at them. If it wasn't obvious enough, he's feeding the trolls and feeding on the controversy.

    So that makes him more then a Karma Whore, it makes him a small time Media Whore. He loves it too.

    -One of the AC's who's always after him, posting logged in because the previous poster was brave enough to as well.

  • Well, it *was* off two days ago. *sigh* I was really rather hoping that would put an end to karma envy.
  • this seems to imply that in order for users to use 128bit, they have to be talking with a netscape suitespot server, which means that general 128bitencryption has not really been legalized, but only 128bit encryption between two software programs created by the same software house. What do you think ?

    I think it probably means nothing, that it is just a direct quote of some Netscape PR-material that like mention Netscape products a lot. But of course, it could mean exactly what it says, and that there is a backdoor in SuiteSpot for the three letter agencies. Putting a backdoor in the server side software would make perfect sence, because as we all know, Communicator 5.0 will be open source, meaning that any backdoors in Communicator would eventually be discovered.

    Probably nothing, but OTOH, one should never trust the NSA/CIA/XXX.


  • Before badmouthing Slashdot, how about consulting a dictionary, as there is no such word as "desinformation".

    • |pyrexD::Say|
      • time to wakE::Up->Issue9mm if you were awake, you would have seen that the 'word' 'desinformation' was used by the /. editor. you know, that boring crap at the top that has the junk MOST people are posting about?
      it was a pun. DESinformation. the guy you were posting to was just continuing the pun. not to mention he was, uh, 100% correct.
    |0h::4uck|

  • 1. The US gov't declares encryption a munition
    2. The US gov't bans export of encryption as it bans export of other munitions
    3. [missing link]
    4. The US gov't now says it's OK to export this or that type of encryption.

    One should always be cynical of these crypto liberalization announcements, but I think the chances of the NSA being able to break 128-bit crypto are slim.

    The "missing link" you refer to above is usually not secret. We've seen lots of crypto liberalization announcements and they've always had strings attached (more like steel cables). In the case of this old 1997 announcement I think the string was that you had to be a bank, which would mean you have to make all transactions available to the feds anyway.

    Other strings that we've seen attached:

    • Must include key recovery (Clipper, Fortezza, etc).
    • Must send all but 40 bits of the key to the NSA (Lotus Notes)
    • Subject to "one time review". (This is the latest one. It usually means "NO! And don't ask again!", or if you're lucky "Yes, but you must be my bitch.").

    People who say the NSA are way ahead of the civilian state-of-the-art in cryptography are usually using old examples. Just look at Skipjack. The algorithm was made public and after just a couple of weeks of analysis it was hanging by a thread. Not a large margin of security at all.

  • run anonymiser and just watch those domains validate themselves.

  • "Netscape Communications Corporation (Nasdaq: NSCP) today announced [...]

    Once the AOL purchase went through, NSCP was no longer listed on Nasdaq.

    Cheers,
    ZicoKnows@hotmail.com

  • The 128 bit version is not or not yet available on Netscape's page (the link is blocked). Maybe it takes a while to update that page, or the whole thing is just a rumor (I hope it's true).
  • Of course, most people don't even know what encryption is, or that they should be using 128 bit.
  • How is netscape going to survive if they can't sell off our personal info and statistics when we download communicator with encryption? We may never see the next release.

    Time, will tell.

    Imagine the processor power required to ./diff two human minds? I'd sure like to see the results line by line.
    -Scott Ruttencutter


    Scott Ruttencutter
  • Hrm... if it really is out of date, then it's activewin's fault.

    article_45.shtml 03-Dec-99 10:08 13k

    *shrug*

    ~=Keelor

  • Hmmm... this troubles me. Does this mean they can break 128 easily? If so, how? It's still too tough to brute force it, isn't it?

  • Netscape cannot be considered secure (Score:1)

    by Anonymous Coward
    128-bit encryption is now effectively USELESS. If it's been approved for export, then someone, somewhere, has broken the "security" (NSA).

    Don't trust it. For that matter, PGP 2.x isn't trustworthy either. Anything the U.S. gov't says is "OK" to export, is not to be considered reliable security.

  • This Netscape-news fits into the whole "Clinton Administration's new attitude towards crypto export" issue. One aspect of these relaxed regs, highlighted by a Wired News article several weeks ago (sorry, couldn't find the URL)but ignored pretty much everywhere else, is that investigators will no longer need to reveal their methods for arriving at a plaintext from a cryptotext for which they had no key.

    Maybe I've seen "Conspiracy Theory" one too many times, there seem to be some scary implications to this. Specifically, if investigators cannot be compelled to reveal how they decoded encrypted info, then they could conceivably take an encrypted doc which they could positively attach to the defendant (i.e. an encrypted document the defendant admits to, or can be convincingly illustrated to a court of law to be, the owner of) and then present in court ANY plaintext as being its source. These investigators (and, under the new regs, this would include domestic-charter, as well as foreign-charter, law-enforcement) could make up the foulest, nastiest, most incriminating admission in the world and claim it to be the plaintext. With a decent algorithm (i.e. ANY strong algo) there is NO WAY to verify that a plaintext and cryptotext match up without the key (that's the point of encryption, for godssakes.) As the investigators cannot be made to reveal HOW they got plain from cipher, the only defense the defendant could make would be to decrypt the doc in question before the court herself, and that would require her to expose to the court her cryptosystem and key (the latter, of course, being a far more damning exposure than the former, assuming she uses strong crypto.) I.E., in the end, she would be giving up the one thing that protected her. Even if the case is thrown out of court (which, God-willing, it would be, seeing as how the investigators would have to admit to submitting false, or at least spurious, evidence,) the defendant would still be up a creek, as all her past and present encrypted data would be exposed.

    Any even worse scenario: another clause in these regs permits courts to subpoena private keys (previously considered unconstitutional, as it forces a person to incriminate herself.) If the defendant refused to do so, claiming to have forgotten the key, and the prosecution later played its dummied-plaintext trump card, she would be put in the position of either 1) going to prison for heinous crimes she never even considered committing or 2) admitting to perjury.

    This would seem to be a very-much bad situation that we, as citizens, are being put into. The NSA, again, has designed a brilliant protocol.

    Just food for thought. This is the sort of thing that keeps me up late, watching TV and talking to the dog.

    -"S"HM

  • Yah, false alarm. The article states that international versions can already get 128 bit if issued with the right certificate when connecting to an appropriate server. Still, I'm not sure this is true. I've never heard of any institutions (banks etc) offering 128-bit secure connections outside of the US, and surely they'd be crowing it from the rooftops if it really was available.

    For a minute there when I read the post I had visions of Bill Gates crapping his pants in fear anger and frustration. Would have been very nice if Netscape had *really* been given the right to export a strong crypto browser, and especially if MS had to wait for their turn until the DOJ thang was settled.

    Consciousness is not what it thinks it is
    Thought exists only as an abstraction
  • Netscape Communications Corporation is owned by AOL (so wouldn't AOL or the Sun-Netscape Alliance be the one granted approval?). And SuiteSpot is now called iPlanet isn't it?.

    Can any provide any supporting documentation that shows that something new has happened with respect to Netscape Communicator and encryption export restrictions?

  • Don't doubt it. 128 is old hat nowadays so don't doubt that they can get through it. Brute force is not the way. It takes too long. There are already algorithms for cracking DES.

  • Available for immediate download from the Netscape Internet site, Netscape Communicator with strong encryption would allow users worldwide to enjoy far greater protection

    Immediate? Not really! I still get:

    Bad Domain DNS NAME:
    Host Name: adsl-145-99-x-x.snelnet.nl
    IP Address: 145.99.x.x
    Your DNS name probably won't be accepted.

    Still have to go to Zedz [zedz.net] and Fortify [fortify.net]...

  • In the UK you can get Definite Linux which has 128 bit on board and is a RH based distro.

    See http://www.definitelinux.com/

  • Easy way to get 128bit encryption (Score:3)

    by linuxci ( 3530 ) on Sunday December 05, 1999 @10:00AM (#1478369)
    OK so this is a hoax but it is indeed possible to get 128 bit encryption on Netscape just by using an Australian product: Fortify [fortify.net] As it's not made in the US it doesn't violate any US export laws.
    --
  • also has a second definition -- example follows

    The NSA wasn't giving out any desinformation, but was more than happy to provide skipjackinformation.

    Johan
  • Oops, I apologise for my rotten spelling above. I guess thats what the "preview" button is for, huh...

    posting logged in because the previous poster was brave enough to as well.

    I did a little experiment a few months ago. I flamed the same posts with the same basic arguments, once logged in, and once as an AC. The logged-in posts either went up or got left alone, and all the AC posts got put down to -1.
  • No, more like "You can't get aroun restrictions on stron crypto by usin TriplDES -- that's just desinformation."
  • I want to make a few points very clear. It is legal to import strong crypto in all of the free world. One of the best crypto repositories is on
    this network. (It is replay.com now changed to
    some god-awful name like zedz.nl which rhymes with
    'feds' - How could you Alex!) What is it that makes
    America feel superior in a field long dominated by
    Europe? Finally it should be very advantageous for
    any American company to develop crypto outside the USA and get the MUCH bigger world market in addition to the (isolationist) US market. This is
    really silly and i laugh at the US like anyone else.

  • ...the defendant would still be up a creek, as all her past and present encrypted data would be exposed.

    Um, no. If the defendant used a decent cryptosystem with session keys, she'd only have to use her private key to recover the session key. She could then present her session key to the court and reveal the correct plaintext.

    Still not a good thing, but not as bad as it could be.

  • What the hell does this have to do with the topic??? Why don't you just disagree with him, metamoderate often, post complaints where appropriate, and get on with your life. The fact that he has high karma means nothing. If you have a personal problem with the guy discuss that with him where I don't have to sift through it. I would have done that with you except you are an anonymous COWARD. Grow up.
  • If the defendant refused to do so, claiming to have forgotten the key, and the prosecution later played its dummied-plaintext trump card, she would be put in the position of...admitting to perjury.

    I don't think there'd be any problem getting around the perjury bit that you suggest. On Monday, I say "I do not recall the key at this time." I'm lying, of course, but unless you're telepathic, you can't prove it. On Tuesday, as a result of the situation you described, I say "I remember now...the key is 123ABC."

    If accused of perjury, all I have to say is "It's as I said. On Monday, I couldn't remember. On Tuesday, I could." Only a telepath could tell any different.
  • Except for the harm it does to US software houses, the ban is ineffective. I don't know anyone outside the US who who uses encryption and DOESN'T use at least 128bits as their low level crypto option.
  • I guess Nav sucks so bad the gov doesn't consider it a threat no matter what!
    Sorry. Troll.
  • The NSA no longer considers 128 bit encryption secure enough to trouble them.

    Do you have any idea how hard it would be to brute force a 128 bit key? Acording to Schneier, who seems to get some respect around here, a machine with 10**14 processors, each of which could crack a million keys a second, would need 10**11 years to crack a 128 bit key. The universe has been around 10**10 years or so. Get over it, it's not going to happen, and even if it were possible in our lifetimes (I don't think it is), do you really think they would use this trillion dollar machine to break your SSL session and get your credit card #?? No, they would go to your CC company's office and ask nicely if they wanted that.
  • You know, I'm sure the US government would just love to allow Netscape to export strong encryption with a nice backdoor built in to it...

    So they can do what, get your CC #? Who cares? (Answer: not the NSA!). You'll notice it talks about 128 bit SSL, but not 128 bit S/MIME. That's becuase the only thing SSL protects is commerce stuff, not email (like S/MIME does). The NSA just realized that if they allow strong e-commerce crypto, but still block strong email encryption, the big companies will stop complaining and we'll never be able to export PGP (legally, that is!).
  • 128 bit versions of IE and Netscape are already available outside the USA.

    See, there's this country just north of the USA that's already able to use the 128 bit versions, no problem.

    Remember, Americans, you're not the only North Americans.

    ---

  • If Netscape's marketshare were to increase outside of U.S. borders (which is obviously a much larger market than the U.S.), might this possibly help with MS I.E.'s adhereance to the WWW3's standards that we are all concerned about MS "embracing and extending"? It seems it may also give Netscape a better foothold in the international market which will help Netscape 5/Mozilla's adoption (re-adoption)when they are released.

    ----------------

    "Great spirits have always encountered violent opposition from mediocre minds." - Albert Einstein
  • When I went to "upgrade" IE 5 from 40-bit to 128-bit encryption it gave me this huge disclaimer:
    Your use of the 128-bit High Encryption Software Component is subject to the following additional terms: Export Notice - The 128-bit High Encryption Software Component contains strong encryption features. The 128-bit High Encryption Software Component may be distributed in the United States, its territories, possessions and dependencies, and Canada without an export license. Export of the 128-bit High Encryption Software Component from the United States is regulated under "EI controls" of the Export Administration Regulations (EAR, 15 CFR 730-744) of the U.S. Commerce Department, Bureau of Export Administration (BXA). An export license or applicable license exception is required to export the 128-bit High Encryption Software Component outside the United States or Canada. For additional information see http://www.microsoft.com/exporting/.

    You agree that you will not directly or indirectly export or re-export the 128-bit High Encryption Software Component (or portions thereof) to any country, other than Canada, or to any person or entity subject to U.S. export restrictions without first obtaining a Commerce Department export license or determining that there is an applicable license exception. You warrant and represent that neither the BXA nor any other U.S. federal agency has suspended, revoked, or denied your export privileges.

    Now why can Netscape export it? Maybe the figure Netscape crashes so much it dosent matter...
  • 128 bit encryption? Oh I doooo believe it's real 128 bit crypto. What I do not believe is that there were no secret back doors deliberately put in to allow feds to track and/or snoop our surfing. I mean, does anyone really believe that Feds are being nice for the good of the net? For the good of business? To help the American compete globally? What did Netscape have to do to receive this permission? If nothing, then why aren't all software developers big and small getting this same permission. Make no mistake, souls were exchanged for this magnanimous "permission".

    When netscape receives the same permission on its open sourced mozilla project... only then will I believe we're receiving real security.

  • I might be mistaken, but read this:

    International users who have Netscape Communicator do not need to download a new version of Netscape Communicator to take advantage of the strong encryption capabilities being announced today. Negotiation of the strong encryption between International versions of Netscape Communicator and Netscape SuiteSpot servers approved for export to banks occurs through a unique mechanism based on a special-use digital certificate. Approval of this certificate based mechanism is the culmination of months of effort between Netscape and numerous government agencies. Netscape and VeriSign have worked closely together to develop digital certificates that allow Netscape SuiteSpot servers to initiate strong communications sessions with Netscape Communicator. VeriSign will issue special-use digital certificates pending final approval from the United States Department of Commerce. Banks around the world can obtain Netscape Communicator and Netscape SuiteSpot servers with strong encryption immediately.

    this seems to imply that in order for users to use 128bit, they have to be talking with a netscape suitespot server, which means that general 128bit encryption has not really been legalized, but only 128bit encryption between two software programs created by the same software house

    What do you think ?
  • Enoch Root's karma is higher (or was a few days ago)...i never see anyone nailing him about it though. dunno why...
  • The new area code is actually 615. 510 is Oakland and Berkeley I think.

  • Re:... (Score:1)

    by peter ( 3389 )
    a few million orders of magnitude?!? Maybe then they could crack it in 12 microseconds, with a handheld device... :)

    but yeah, I agree with you on the possibility of a cryptanalytic attack. That would be the only possibility, unless they've actually got quantum computers. (I say would be because we all know that this thread is moot, given the recent update to the header :)
    #define X(x,y) x##y

  • uh huh? with exactly what hardware? Seriously, what evidence do you have for your claim that they can brute force crack 128 crypto (not by exploting weaknesses in the algorithm, but by going through the _entire_ keyspace.)
    #define X(x,y) x##y
  • I've never heard of any institutions (banks etc) offering 128-bit secure connections outside of the US

    Here in Estonia [ciesin.ee] we have at least two banks - Hansabank [hansa.ee] and Union Bank [www.eyp.ee] who use 128-bit encryption in their internet banking pages.
    Here are the internet banking pages: Hansabank [hansa.ee] and Union Bank [www.eyp.ee]. There you can choose between 128-bit and 40-bit security.
    I am not sure about the third major bank because I am not their client.
  • You're taking it pretty well, since it's all stupid anyhow. I get it too, for some reason.

    I see about a billion AC's in this thread not marked as "Offtopic". I wonder why *you* got moderated down... Hmm.

    And, for future reference, guys, my Anonymous posts don't get treated that badly. But I have seen that behavior happen before. Try posting the same thing you would have posted anyhow, anonymously. And see if anyone looks at these silly "comment" things, anyhow. :)

    But more people *do* see the logged-in posts, because some people do set their threshold above 0, guys. (I usually set mine to 1, unless I see a lot of "x comments below blah threshold", or I'm really interested in the thread, but lately I've been setting mine to -1, out of moderator mistrust) And if you see a post, and you like it, you might moderate it up.

    Also, there is a lot of Anonymous Coward distrust, because they offer *no* way to contact them. They are definitely more admirable when they do. Even a slashdot account is enough, and an e-mail address (anonymous or not) is a nice touch. I distrust Anonymous Cowards because they have no reason to be accountable for what they do or say, and I don't know if I'm talking to the same person. I could post anonymously to myself and make it look like I'm being harassed to get scored up. How messed up is that? If I have a discussion with someone, and I can't see a face, I'd at least like to have a name. But really intelligent commentary will do. :)
    ---
    pb Reply or e-mail rather than vaguely moderate [152.7.41.11].
  • Someone's probably already pointed this out (although I didnt find a reference myself), but there already is a third-party 128-bit encryption add-in for Netscape Navigator and Communicator. I guess its pretty old news, but might be useful for those who hadn't heard of it... It can be found at http://www.fortify.net
  • It was my fault that the article got posted - I misread something I was sent and then jumped at the chance of posting it...I'll be posting a note about it later. On another note - 128-Bit export restrictions have been eased for certain Countries. Byron Hinson http://www.activewin.com
  • That only applies to a brute force attack. There's always the possibility that they've found some fancy mathematical trick to speed the process up by a few million orders of magnitude.
  • Perhaps. Or perhaps they have quantum computing developed to the point where they can utilize a massively nondeterministic attack on the RSA (key-exchange) portion of the SSL protocol, so the conventional encryption portion is no longer the issue. Of course, I think that would be a pretty far out, paranoid view to take, not saying I think that at all. Also mind that the NSA is not going to be brute forcing your keys (wasting their computing cycles) to recover your CC number. They are overwhelmed with data as it is, they are going to be trying to keep track of known or possible threats to national security, terrorists, etc.

  • Misleading article. Here's the translation (Score:4)

    by drig ( 5119 ) on Sunday December 05, 1999 @07:37AM (#1478409) Homepage Journal
    The article states
    "International users who have Netscape Communicator do not need to download a new version of Netscape Communicator to take advantage of the strong encryption capabilities being announced today. Negotiation of the strong encryption between international versions of Netscape Communicator and Netscape SuiteSpot servers approved for export to banks occurs through a unique mechanism based on a special-use digital certificate."

    This is a capability that's beein in both IE and Netscape for a while. It's called "Server Gated Crypto", and it works like this:

    An exportable browser connects to a bank's server. The bank sends the browser a special certificate that has an extension which tells the browser to do Server Gated Crypto. They both drop connection and reconnect, with the domestic-grade encryption.

    This does not mean that Netscape is able to export 128bit crypto freely, nor does it mean they can stop making different versions. It means that the ability for the export browser to use domestic crypto is controlled at the CA (like VeriSign) and not in the browser. The CA gets permission to issue these special certs to a certain group of customers (banks, mostly), and THAT controls the crypto.

    It was an interesting attempt to relax crypto just enough to assuage the privacy advocates cry of "but, e-commerce needs strong crypto".

Slashdot Top Deals

Brain off-line, please wait.

Close