[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape Crypto




On Tue, 26 Aug 1997, Jason William RENNIE wrote:

> Does anybody know how strong the export netscape crypto stuff is ??

Netscape3 export version usually uses RC4 with a 40 bit shared key.

> Is the stuff only 40 bit crypto for export ??

Key sizes are not a very meaningful indicator of security, which is a
holistic thing.

> A friend asked me about the secure credit stuff and if netscape was 
> secure for credit cards ?? 

I think that security in that respect probably has much more to do with
the security of the server which receives your information, than with the
cypher used in transit.  Assure yourself that the person you send the
information to is trustworthy and knows how to secure a computer system. 

Even weak HTTPS encryption will make it somewhat difficult for people to
grab your information out of a proxy cache or log and similar trivial
attacks.

> So is the export copy secure ??

Compared to what?  More secure than unencrypted, less secure than
strongly-encrypted. More secure than Internet Explorer, less secure than
Lynx.  Probably.

You'll probably only lose the $50 credit-card excess at most: I'd trust
that to Netscape, if I was sending it to a reputable party.  There's
plenty of information I wouldn't trust to it.

> I presuem the non-export wouldn't be to bad.

Doubled punctuation is too bad.

Martin Pool
PGP email preferred