From: Information Security <guy@panix.com>
To: cypherpunks@cyberpass.net
Message Hash: 20b02ea8336db679c7af3cf284c6a1a1394d675483a7095a89f50c94b72c4911
Message ID: <199810082135.RAA22270@panix7.panix.com>
Reply To: N/A
UTC Datetime: 1998-10-08 21:57:14 UTC
Raw Date: Fri, 9 Oct 1998 05:57:14 +0800
From: Information Security <guy@panix.com>
Date: Fri, 9 Oct 1998 05:57:14 +0800
To: cypherpunks@cyberpass.net
Subject: Re: does Web TV use forward secret cipher-suites? (Re: Web TV with 128b exported)
Message-ID: <199810082135.RAA22270@panix7.panix.com>
MIME-Version: 1.0
Content-Type: text/plain
> From: Adam Back <aba@dcs.ex.ac.uk>
>
> This is as others have noted cisco's doorbelling approach to GAK --
> having routers and automated systems doing decryption, and allowing
> LEA either direct access (possibly in this case), or access via
> complicit operators.
>
> One question which might help determins just how bad this Web TV thing
> is, is does it use the forward secret ciphersuites.
>
> If it did use FS ciphersuites, if the LEA starts reading traffic after
> some point (by asking the WebTV operators to do so, or by using a
> special LEA operator mode), he can't get all old traffic.
>
> The EDH (ephemeral DH) modes are forward secret because a new DH key
> is generated for each session.
>
> Some of the RSA modes are forward secret, but only on export grade RSA
> key sizes (512 bit).
>
> As it got export permission, I fear the worst. Perhaps even special
> LEA operator access.
Normally, an announcement of 128-bit crypto capabilities for a
home computer would mean the user has control of said crypto.
The WebTV computer: http://developer.webtv.net/docs/sysgde/Default.htm
o WebTV supports connectivity to the ISP of your choice.
o Internet access (PPP, PAP)
o HTML 1.0; HTML 2.0; HTML 3.2; frames compatibility; JavaScript 1.2
o Image: GIF89a animation; JPEG; Progressive JPEG; PNG; TIFF-G3 fax in e-mail;
X bitmap; Macromedia[tm] Flash 1.0
o Audio: AU; . WAV; Real Audio 1.0; 2.0; 3.0; AIFF; Shockwave[tm] Audio; GSM;
MPEG-1 Audio; MPEG-2 Audio; MPEG Layer 3; MOD; General MIDI; MIDI Karaoke;
Quicktime audio; Zip decompression
o Video: PEG-1 Video; MPEG-3 Video; VideoFlash[tm]
o Processor: 112/167 Mhz R4640 processor
o Security: SSL version 2 and 3; 40bit and 128bit RC4 encryption;
root certificates for GTE, RSA Data Security (VeriSign), Thawte,
and VeriSign Class 3 digital certificates
Can WebTV send end-to-end encrypted email to any other Net user?
Nope.
The press release claiming WebTV has 128-bit security
is another low in advertising obtuseness.
---guy
Return to October 1998
Return to “Information Security <guy@panix.com>”
1998-10-08 (Fri, 9 Oct 1998 05:57:14 +0800) - Re: does Web TV use forward secret cipher-suites? (Re: Web TV with 128b exported) - Information Security <guy@panix.com>