[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (Cracking) Netscape (is) the Big Win

To: [email protected]
Subject: Re: (Cracking) Netscape (is) the Big Win
From: "Peter Trei" <trei>
Date: Thu, 20 Jul 1995 08:56:02 -6
Organization: Process Software Corporation
Priority: normal
Reply-To: [email protected]
Sender: [email protected]

> 
> Timothy C. May writes:
> > Integration of crypto into Netscape is thus the Big Win.
> Crypto *is* integrated into Netscape. Unfortunately, the crypto is SSL
> -- a complete waste of time.
>[snip] 
> Perry

This is why it's imperative for cpunks to work on the SSL challenge
recently posted. Cracking 40 bit RC4 will provide a strong industry
incentive to move towards stronger crypto standards, and to pressure
the government to relax ITAR. 

If the SSL crack looks like it will take a while to gear up, perhaps
we should work on an interim project, cracking a straight 40bit rc4
encrypted message. If there is interest, I can create such a text, and 
escrow the key and plaintext in a PGP-encoded posting. 

While such a crack will not be as strong a blow against SSL and 
40-bit crypto as cracking a complete SSL transaction, it will be
a lot better then only being able to say 'Well, we didn't find a
key, but we *did* sweep 40 bits of keyspace', which is all we have
now. If need be, we can follow up with a crack of full-bore SSL.

Disclaimer: I work on a competing product, but am posting this in 
my private capacity. We've bigger fish to fry than Netscape.

Peter Trei
[email protected]

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
[email protected]

Prev by Date: Re: Why no action alert, coalition opposing S. 974?
Next by Date: Re: (Cracking) Netscape (is) the Big Win
Prev by thread: Name misspelling
Next by thread: Re: (Cracking) Netscape (is) the Big Win
Index(es):
- Date
- Thread