[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UK Guardian article on 2nd SSL breaking




from the "uk-pipeline":

>>>>>>>>>>>>>>>>>>>>

  CYPHERPUNKS LEAD NETSCAPE'S NAVIGATOR ASTRAY
  
  A team of computer experts has succeeded in breaking the secure 'key' 
  used on international versions of the World-Wide Web browser, Netscape 
  Navigator.
  
  The key would normally have been used to secure transmission of sensitive 
  information, such as credit card details, between a Web-surfer and a Web 
  site, such as an on-line shopping service.
  
  However, the cypherpunks, as they are known, only cracked the 40-bit key 
  that is used by export versions of Netscape Navigator, since US 
  Government regulations prevent the export of software that uses stronger 
  cryptographic techniques. "We have, quite categorically, demonstrated 
  that 40-bit keys are too weak to use for commercial systems," said Dr. 
  Piete Brookes, a computer officer at Cambridge University who managed the 
  project.  The code cracking took 31 hours and 47 minutes of computer time 
  on around 300 machines strung across the internet.
  
  The team was able to crack the code because they had been provided with 
  the transcript of a secure transmission.  Such transcripts are not 
  impossible to acquire, according to Dr. Brookes: "All you need is a tap 
  on the line, or access to a computer in a suitable part of the network.". 
  The 128-bit key used by American versions of Netscape Navigator is "well 
  out of reach of any hacker groups in the forseeable future."  He 
  estimates it would take one billion, billion, billion, billion years to 
  break.
  
  	Azeem Azhar
  
  Further information can be found on the World-Wide Web at 
  http://www.dcs.ex.ac.uk/~aba/

>>>>>>>>>>>>>>>>>>>>