Re: Netscape 40-bit cracking. The new computing benchmark?

[Jeff Weinstein <jsw@netscape.com>]

Weld Pond wrote:

  They (ICE) say that they actually ran Hal's SSL challenge.  I think
the mention of DES must have been an error on the part of Infoworld.

	--Jeff

> 
> From Infoworld Dec 25, 1995 page 3.
> 
> Netscape Commerce Server Security Broken
> 
> Integrated Computing Engines Inc. (ICE), in Cambridge, Mass. announced it
> has cracked the 40-bit DES [huh? not RC4] encryption in the Netscape
> Commerce Server.  Unlike a similar security break-in [talk about bad
> terminology] by a French university student last August, which required
> eight days, 120 workstations, and two supercomputers, ICE said it used a
> computer that cost $83,000 and compromised the Wold Wide Web server's
> security in 7.7 days. [Hey, what about the Cypherpunks crack that
> only took 31.8 hours?] Netscape Communications Corp. officials were not
> surprised by the security crack. "We've known that 40-bit encryption is
> breakable since we shipped the server.  That's the reason it's allowed to
> be exported," said company spokeswoman Rosanne Siino. "We need to keep
> lobbying to get rid of the U.S. governments 40-bit restriction on what
> can be exported."  Within the United States, Netscape sells products with
> 128-bit encryption.

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.