1998-10-08 - Re: does Web TV use forward secret cipher-suites? (Re: Web TV with 128b exported)

Header Data

From: Information Security <guy@panix.com>
To: cypherpunks@cyberpass.net
Message Hash: 20b02ea8336db679c7af3cf284c6a1a1394d675483a7095a89f50c94b72c4911
Message ID: <199810082135.RAA22270@panix7.panix.com>
Reply To: N/A
UTC Datetime: 1998-10-08 21:57:14 UTC
Raw Date: Fri, 9 Oct 1998 05:57:14 +0800

Raw message

From: Information Security <guy@panix.com>
Date: Fri, 9 Oct 1998 05:57:14 +0800
To: cypherpunks@cyberpass.net
Subject: Re: does Web TV use forward secret cipher-suites? (Re: Web TV with 128b exported)
Message-ID: <199810082135.RAA22270@panix7.panix.com>
MIME-Version: 1.0
Content-Type: text/plain



   >   From: Adam Back <aba@dcs.ex.ac.uk>
   >
   >   This is as others have noted cisco's doorbelling approach to GAK --
   >   having routers and automated systems doing decryption, and allowing
   >   LEA either direct access (possibly in this case), or access via
   >   complicit operators.
   >
   >   One question which might help determins just how bad this Web TV thing
   >   is, is does it use the forward secret ciphersuites.
   >
   >   If it did use FS ciphersuites, if the LEA starts reading traffic after
   >   some point (by asking the WebTV operators to do so, or by using a
   >   special LEA operator mode), he can't get all old traffic.
   >
   >   The EDH (ephemeral DH) modes are forward secret because a new DH key
   >   is generated for each session.
   >
   >   Some of the RSA modes are forward secret, but only on export grade RSA
   >   key sizes (512 bit).
   >
   >   As it got export permission, I fear the worst.  Perhaps even special
   >   LEA operator access.

Normally, an announcement of 128-bit crypto capabilities for a
home computer would mean the user has control of said crypto.

The WebTV computer:   http://developer.webtv.net/docs/sysgde/Default.htm

   o WebTV supports connectivity to the ISP of your choice.

   o Internet access (PPP, PAP)

   o HTML 1.0; HTML 2.0; HTML 3.2; frames compatibility; JavaScript 1.2

   o Image: GIF89a animation; JPEG; Progressive JPEG; PNG; TIFF-G3 fax in e-mail;
     X bitmap; Macromedia[tm] Flash 1.0

   o Audio: AU; . WAV; Real Audio 1.0; 2.0; 3.0; AIFF; Shockwave[tm] Audio; GSM;
     MPEG-1 Audio; MPEG-2 Audio; MPEG Layer 3; MOD; General MIDI; MIDI Karaoke;
     Quicktime audio; Zip decompression

   o Video: PEG-1 Video; MPEG-3 Video; VideoFlash[tm]

   o Processor: 112/167 Mhz R4640 processor

   o Security: SSL version 2 and 3; 40bit and 128bit RC4 encryption;
     root certificates for GTE, RSA Data Security (VeriSign), Thawte,
     and VeriSign Class 3 digital certificates

Can WebTV send end-to-end encrypted email to any other Net user?

Nope.

The press release claiming WebTV has 128-bit security
is another low in advertising obtuseness.
---guy





Thread