[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UK Independent on SSL crack




from the "ukpipeline" :-)


>>>>>>>>>>>>>>>>>>>>

UK Indpendent newspaper, 17/8/1995

Internet's 30bn Pound Secret Revealed

Charles Arthur
Technology Correspondent

A French student has cracked the most commonly used encryption system 
used to pass financial transactions over the Internet, threatening a 
business forecast to be worth billions of pounds worldwide.

Damien Doligez, 27, a PhD student at the Inria research centre near 
Paris, broke a software "key" used by the Netscape browsing program, 
which lets users navigate the World Wide Web.

With Netscape, Internet users can visit shopping "sites" on the Web and 
order goods by sending their credit card and address over the network to 
the site.  To prevent anyone picking up those confidential details as 
they pass through the network, they are encrypted first using a software 
"key".  This is the system used for example by Barclays Bank's 
"BarclaySquare" project, launched in May, which offers access to eight 
major retailers.  Market research companies forecast that money 
transmission over the Internet will be worth more than 30bn pounds by 
2005.

At the launch of BarclaySquare, Roger Alexander, managing director of the 
unit said: "The encryption method has been rigorously tested by us".  But 
Mr. Doligez has compromised that security by decoding a test example of 
an encrypted transaction, posted on a number of Internet discussion 
groups in July.

The transaction was scrambled using a digital key 40 bits long, which 
offers about 1,000 billion ( a million million) possible combinations.  
Mr Doligez harnessed spare time on 120 workstations and parallel 
computers.  The computers turned up the answer after eight days.

"I wouldn't trust my credit card number to Netscape," Mr Doligez told the 
Independent from Paris yesterday.

Netscape Communications, whose flotation on the New York Stock Exchange 
raised more than $1bn, said "We have always said this would be 
theoretically possible."

[end]