[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
UK Independent on SSL crack
- To: [email protected]
- Subject: UK Independent on SSL crack
- From: [email protected] (Anonymous)
- Date: Thu, 17 Aug 1995 16:35:06 +0200
- Comments: Hack-Tic may or may not approve of the content of this posting
- Comments: Please report misuse of this automated remailing service to <[email protected]>
- Organization: Hack-Tic International, Inc.
- Sender: [email protected]
from the "ukpipeline" :-)
UK Indpendent newspaper, 17/8/1995
Internet's 30bn Pound Secret Revealed
A French student has cracked the most commonly used encryption system
used to pass financial transactions over the Internet, threatening a
business forecast to be worth billions of pounds worldwide.
Damien Doligez, 27, a PhD student at the Inria research centre near
Paris, broke a software "key" used by the Netscape browsing program,
which lets users navigate the World Wide Web.
With Netscape, Internet users can visit shopping "sites" on the Web and
order goods by sending their credit card and address over the network to
the site. To prevent anyone picking up those confidential details as
they pass through the network, they are encrypted first using a software
"key". This is the system used for example by Barclays Bank's
"BarclaySquare" project, launched in May, which offers access to eight
major retailers. Market research companies forecast that money
transmission over the Internet will be worth more than 30bn pounds by
At the launch of BarclaySquare, Roger Alexander, managing director of the
unit said: "The encryption method has been rigorously tested by us". But
Mr. Doligez has compromised that security by decoding a test example of
an encrypted transaction, posted on a number of Internet discussion
groups in July.
The transaction was scrambled using a digital key 40 bits long, which
offers about 1,000 billion ( a million million) possible combinations.
Mr Doligez harnessed spare time on 120 workstations and parallel
computers. The computers turned up the answer after eight days.
"I wouldn't trust my credit card number to Netscape," Mr Doligez told the
Independent from Paris yesterday.
Netscape Communications, whose flotation on the New York Stock Exchange
raised more than $1bn, said "We have always said this would be