| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 1186.1 | | QUARK::LIONEL | Free advice is worth every cent | Wed Mar 22 1995 12:23 | 5 |
| 1186.2 | More Info | MSDOA::MCCLOUD | plug & pray | Wed Mar 22 1995 14:04 | 3 |
| 1186.3 | Ultranet is well priced | STOWOA::BUFTON::NBUFTON | | Wed Mar 22 1995 18:49 | 3 |
| 1186.4 | | AKOCOA::DANEK::DANEK | Dick Danek, EMAIL=AKOCOA::DANEK | Wed Mar 22 1995 19:28 | 7 |
| 1186.5 | | AXEL::FOLEY | Rebel without a Clue | Wed Mar 22 1995 20:19 | 10 |
| 1186.6 | | EEMELI::BACKSTROM | bwk,pjp;SwTools;pg2;lines23-24 | Thu Mar 23 1995 07:16 | 6 |
| 1186.7 | How about ULIMITED hours for $19.95/month? | ROWLET::AINSLEY | Less than 150 kts. is TOO slow! | Thu Mar 23 1995 12:38 | 4 |
| 1186.8 | Digital discount is 10% at Ultranet | UHUH::CARIGNAN | Don Carignan | Thu Mar 23 1995 16:30 | 7 |
| 1186.9 | 10% is what I was told - my entry of 20% was a typo | STOWOA::BUFTON::NBUFTON | | Thu Mar 23 1995 18:12 | 1 |
| 1186.10 | | LANDO::EIBEN | | Fri Mar 24 1995 11:39 | 9 |
| 1186.11 | | SKYLAB::FISHER | Indecision is the key to flexibility! | Fri Mar 24 1995 15:47 | 3 |
| 1186.12 | | QUARK::LIONEL | Free advice is worth every cent | Fri Mar 24 1995 16:00 | 3 |
| 1186.13 | | QUARK::LIONEL | Free advice is worth every cent | Fri Mar 24 1995 16:00 | 3 |
| 1186.14 | | AXEL::FOLEY | Rebel without a Clue | Fri Mar 24 1995 19:31 | 7 |
| 1186.15 | Netscape encryption | SLOAN::HOM | | Mon May 19 1997 15:37 | 10 |
| I'm interested in learning more about the encrytion used
in Netscape. For example, I just viewed a document with
security: "... uses high-grade encryption key for US
domestic use only (RC4, 128 bit)."
Does anyone have anymore details?
Gim
|
| 1186.16 | | TUXEDO::WRAY | John Wray, Distributed Processing Engineering | Mon May 19 1997 15:48 | 12 |
| >I'm interested in learning more about the encrytion used
>in Netscape. For example, I just viewed a document with
>security: "... uses high-grade encryption key for US
>domestic use only (RC4, 128 bit)."
What do you want to know? RC4 is a variable key-length symmetric
cipher designed by Ron Rivest of RSA Data Security Inc (Rivest is the
"R" in RSA). The details of the algorithm are a trade secret of RSADSI
(although code purporting to be an implementation of RC4 was posted in
various crypto-related newsgroups last year).
John
|
| 1186.17 | follow up questions ... | SLOAN::HOM | | Wed May 21 1997 12:58 | 17 |
| Thanks for the info.
1. IS RC4 based on the public-key cryptography? Logically it would.
2. I recall that the RSA factoring challenge was won in 1995 by
a worldwide network of computers co-ordinated by some group at
MIT. What was key length?
3. How secure is RC4 Export?
A lot of personal information is being made available via the Web -
brokerage account, bank account info, etc... I'd like to better
understand what risks I'm taking in accessing that information.
Gim
|
| 1186.18 | | TUXEDO::WRAY | John Wray, Distributed Processing Engineering | Wed May 21 1997 15:09 | 26 |
| >1. IS RC4 based on the public-key cryptography? Logically it would.
No, it's a symmetric cipher.
>3. How secure is RC4 Export?
Not sure what you mean by "how secure". It's generally easy to get
export approval for RC4 with a 40-bit key (it's one of the fast-tracked
algorithms). As far as I know, there aren't any major problems with
RC4 that might make it weaker than you'd expect of an algorithm with a
40 bit key.
There's a current RSA challenge, aimed at symmetric cipers, of which
the first and easiest part was 40-bit RC5 (RC5 is a fully parameterized
cipher: key-length, block-size and number of rounds are all variable.
It's widely believed that the "RC" designation stands for "Ron's
Cipher"). It was broken in 3.5 hours. The next level was 48-bit RC5,
which fell after 313 hours. These were both done by the now standard
technique of dividing the key-space among a set of machines on the
network - that way you can just keep throwing more CPUs at the problem.
Next comes 56-bit RC5 and DES, then longer key-length RC5. You can
find out more about the current challenge at RSA's challenge '97 web
page (www.rsa.com/rsalabs/97challenge/), and if you poke around there
you'll also find details of past challenges.
John
|
| 1186.19 | | SKYLAB::FISHER | Gravity: Not just a good idea. It's the law! | Wed May 21 1997 17:56 | 11 |
| >1. IS RC4 based on the public-key cryptography? Logically it would.
No, it's a symmetric cipher.
I might well be wrong, but I understood that there is some public key stuff
involved. Essentially the RC4 key is sent between the two parties encrypted
with public key technology; after that the actual data is encrypted with RC4.
Do you agree?
Burns
|
| 1186.20 | | TUXEDO::WRAY | John Wray, Distributed Processing Engineering | Wed May 21 1997 18:16 | 10 |
| >I might well be wrong, but I understood that there is some public key stuff
>involved. Essentially the RC4 key is sent between the two parties encrypted
>with public key technology; after that the actual data is encrypted with RC4.
You're talking about systems that use RC4 (presumably SSL), not RC4
itself. SSL does indeed use public-key encryption to authenticate one
or both parties, and to establish an RC4 session key, but RC4 itself is
symmetric.
John
|
| 1186.21 | | SKYLAB::FISHER | Gravity: Not just a good idea. It's the law! | Wed May 21 1997 18:36 | 9 |
| Yes, that's what I was trying to say (though I'm not up on all the TLAs...is
SSL the IP "secure sockets" protocol?
Anyway, I was trying to clarify since I think the original question was about
Netscape security, and that it was logical it security should involve public
key cryptography. I was trying to say and have confirmed that Netscape DOES
use public keys, but only as a means to exchange RC4 symmetric keys.
Burns
|
| 1186.22 | | SLOAN::HOM | | Thu May 22 1997 02:21 | 13 |
| Thanks to Burns for more clearly stating my question and thanks to
John for the technical answers. With the pointer to the RSA site, I
was able to get the information I was looking for.
This string also explain the hole in Netscape's encryption algorithm
discovered few years ago. It was linked to the time of day which in
turn dramatically narrowed the search range in a brute forece attack.
Gim
|