1995-07-20 - Re: (Cracking) Netscape (is) the Big Win

Header Data

From: “Peter Trei” <trei>
To: cypherpunks@toad.com
Message Hash: 3ccbcaebf26c5481c1a64ca03d9df1a1c71243707f1433a12eaa95877d96aa3a
Message ID: <9507201253.AA18741@toad.com>
Reply To: N/A
UTC Datetime: 1995-07-20 12:53:40 UTC
Raw Date: Thu, 20 Jul 95 05:53:40 PDT

Raw message

From: "Peter Trei" <trei>
Date: Thu, 20 Jul 95 05:53:40 PDT
To: cypherpunks@toad.com
Subject: Re: (Cracking) Netscape (is) the Big Win
Message-ID: <9507201253.AA18741@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Timothy C. May writes:
> > Integration of crypto into Netscape is thus the Big Win.
> Crypto *is* integrated into Netscape. Unfortunately, the crypto is SSL
> -- a complete waste of time.
>[snip] 
> Perry

This is why it's imperative for cpunks to work on the SSL challenge
recently posted. Cracking 40 bit RC4 will provide a strong industry
incentive to move towards stronger crypto standards, and to pressure
the government to relax ITAR. 

If the SSL crack looks like it will take a while to gear up, perhaps
we should work on an interim project, cracking a straight 40bit rc4
encrypted message. If there is interest, I can create such a text, and 
escrow the key and plaintext in a PGP-encoded posting. 

While such a crack will not be as strong a blow against SSL and 
40-bit crypto as cracking a complete SSL transaction, it will be
a lot better then only being able to say 'Well, we didn't find a
key, but we *did* sweep 40 bits of keyspace', which is all we have
now. If need be, we can follow up with a crack of full-bore SSL.

Disclaimer: I work on a competing product, but am posting this in 
my private capacity. We've bigger fish to fry than Netscape.

Peter Trei
ptrei@acm.org

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
trei@process.com





Thread