[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
UK Guardian article on 2nd SSL breaking
from the "uk-pipeline":
CYPHERPUNKS LEAD NETSCAPE'S NAVIGATOR ASTRAY
A team of computer experts has succeeded in breaking the secure 'key'
used on international versions of the World-Wide Web browser, Netscape
The key would normally have been used to secure transmission of sensitive
information, such as credit card details, between a Web-surfer and a Web
site, such as an on-line shopping service.
However, the cypherpunks, as they are known, only cracked the 40-bit key
that is used by export versions of Netscape Navigator, since US
Government regulations prevent the export of software that uses stronger
cryptographic techniques. "We have, quite categorically, demonstrated
that 40-bit keys are too weak to use for commercial systems," said Dr.
Piete Brookes, a computer officer at Cambridge University who managed the
project. The code cracking took 31 hours and 47 minutes of computer time
on around 300 machines strung across the internet.
The team was able to crack the code because they had been provided with
the transcript of a secure transmission. Such transcripts are not
impossible to acquire, according to Dr. Brookes: "All you need is a tap
on the line, or access to a computer in a suitable part of the network.".
The 128-bit key used by American versions of Netscape Navigator is "well
out of reach of any hacker groups in the forseeable future." He
estimates it would take one billion, billion, billion, billion years to
Further information can be found on the World-Wide Web at