From: Weld Pond <weld@l0pht.com>
Date: Fri, 29 Dec 1995 23:46:58 +0800
To: cypherpunks@toad.com
Subject: Netscape 40-bit cracking. The new computing benchmark?
Message-ID: <Pine.BSD/.3.91.951229084345.18726A-100000@l0pht.com>
MIME-Version: 1.0
Content-Type: text/plain


>From Infoworld Dec 25, 1995 page 3.

Netscape Commerce Server Security Broken

Integrated Computing Engines Inc. (ICE), in Cambridge, Mass. announced it 
has cracked the 40-bit DES [huh? not RC4] encryption in the Netscape 
Commerce Server.  Unlike a similar security break-in [talk about bad 
terminology] by a French university student last August, which required 
eight days, 120 workstations, and two supercomputers, ICE said it used a 
computer that cost $83,000 and compromised the Wold Wide Web server's 
security in 7.7 days. [Hey, what about the Cypherpunks crack that 
only took 31.8 hours?] Netscape Communications Corp. officials were not 
surprised by the security crack. "We've known that 40-bit encryption is 
breakable since we shipped the server.  That's the reason it's allowed to 
be exported," said company spokeswoman Rosanne Siino. "We need to keep 
lobbying to get rid of the U.S. governments 40-bit restriction on what 
can be exported."  Within the United States, Netscape sells products with 
128-bit encryption.



      Weld Pond   -  weld@l0pht.com   -        http://www.l0pht.com/
      L  0  p  h  t    H  e  a  v  y    I  n  d  u  s  t  r  i  e  s          
      Technical archives for the people  -  Bio/Electro/Crypto/Radio