Slashdot Mirror


Netscape Receives Strong Crypto Export Permission

Greg Miller writes "According to this article, Netscape has received approval to distribute the 128-bit encryption version of Communicator outside the U.S. They've also received limited permission to distribute SuiteSpot servers with strong encryption." [Update: 12/05 03:42 by michael: Slashdot got burned, this article is bogus. See below.]

Update: We were fooled. Someone posted this on http://www.activewin.com/frames/frmhome.shtml as new news (suckered them!), which apparently misled the slashdot submitter and us. This is an old press release from 1997 talking about exporting software for certain specialized banking purposes. As far as I know, it's still illegal to generally export 128-bit crypto products.

Thanks to the alert posters in the threads below and to alecf who was bright enough to submit it in the stories inbox (which any of the assorted slashdot authors who are online might be reading) for a fast response. Sorry for the "desinformation" (is that a pun?).


  1. Interesting to note by Waav · · Score: 2

    It is interesting to note how this seems to fall in line with the Microsoft trial. If it is the case (as it seems to be) that this crypto export allowance has only been given to Netscape it would seem like the government is starting to work towards breaking the Microsoft dominance by giving its competitors an advantage (if only in a PR sense).

  2. Re:... by randombit · · Score: 2

    That only applies to a brute force attack. There's always the possibility that they've found some fancy mathematical trick to speed the process up by a few million orders of magnitude.

    Well, breaking RC4 seems significantly more likely than a 128 bit brute force, but OTOH you can change which ciphers you use. If the NSA could break any SSL cipher, that's bad, since TripleDES, RC2, and RC4 are all used by SSL (well, IDEA is in there too but nobody uses it). If TripleDES is broken, you can safely say that all is lost. It's used in everything: S/MIME, PGP, GnuPG, banks use it, basically anything you can think of uses it. And you can set it to use TripleDES only if you want (I do). In any case, if nobody but the NSA can break RC4 (if an academic discovered an attack it would be published by now), then I'm pretty happy: as I've stated elsewhere, they don't want my CC #. And that's all I'm protecting with SSL.

  3. Desinformation by Anonymous Coward · · Score: 3

    This information is out of date, and the /. story is just a heap of desinformation.

    The article mentioned in the story is several years old and the only export that has been approved is the capability to unlock strong encryption when talking to servers that present a particular kind of certificate.

    Please, check your stories!

    1. Re:Desinformation by Issue9mm · · Score: 2

      Before badmouthing Slashdot, how about consulting a dictionary, as there is no such word as "desinformation".

    2. Re:Desinformation by JohnG · · Score: 3
      Yes there is! I will use it in a sentence:
      "When yous comes to Slashdot yous can git desinformation, dats all about da issues." It's obvious to me that the poster is either from the ghetto or was an extra on deliverence. :)

  4. Cool... by Mullen · · Score: 2

    Maybe Netscape will be able to turn the tide of IE if it is the only browser that is 128bit in the Non-US market.

    Of course, the Non-US made browsers already are going to have 128Bit Encryption in them. How long until IE is 128Bit is exportable?

    And again, of course, how hard is it to get a 128Bit Encryption browser outside of the US? Not very!

    --
    Linux O Muerte!
  5. ... by Signal+11 · · Score: 3

    Paranoid amongst us: take note. The NSA no longer considers 128 bit encryption secure enough to trouble them.

    1. Re:... by Issue9mm · · Score: 3

      Actually, from what I got out of the article, 128 is only acceptable (at least at this point) between SuiteSpot servers and Netscape browsers. They're not going to implement any more encryption into the browser.

      This has been around for a while, as Server Gated Crypto, and both IE and Netscape have this functionality. It's not that the NSA can break it (although I'm in no position to say that they can't, it's still possible), but that the only transactions being encrypted in this manner are going to be hand picked, to issue certificates, and probably only for bank/commerce transactions.

      PS, all ACs, notice how I get my point across WITHOUT having to call him a karma whore? or bash his use of "..." as a subject. Remember, it's a free world, and it's his prerogative. Some of us actually appreciate intelligent conversation, regardless of its intent, and (last time I checked), he's still perfectly free to choose whatever subject he wants.

      I'll shut up now and post so that I can be flamed.

    2. Re:... by randombit · · Score: 2

      The NSA no longer considers 128 bit encryption secure enough to trouble them.

      Do you have any idea how hard it would be to brute force a 128 bit key? According to Schneier, who seems to get some respect around here, a machine with 10**14 processors, each of which could crack a million keys a second, would need 10**11 years to crack a 128 bit key. The universe has been around 10**10 years or so. Get over it, it's not going to happen, and even if it were possible in our lifetimes (I don't think it is), do you really think they would use this trillion dollar machine to break your SSL session and get your credit card #?? No, they would go to your CC company's office and ask nicely if they wanted that.

  6. Ummm, is this out of date? by Joe+Decker · · Score: 4

    The comment about DESCHALL having broken 56 bit "last week" was suggestive to me, but at the bottom, note:

    SOURCE Netscape Communications Corp. -0- 06/24/97

    Past news. Ah well.

    --j

    1. Re:Ummm, is this out of date? by Ben+Chu · · Score: 2

      The exact same 1997 press release can be found here.

    2. Re:Ummm, is this out of date? by ralphclark · · Score: 2

      Yah, false alarm. The article states that international versions can already get 128 bit if issued with the right certificate when connecting to an appropriate server. Still, I'm not sure this is true. I've never heard of any institutions (banks etc) offering 128-bit secure connections outside of the US, and surely they'd be crowing it from the rooftops if it really was available.

      For a minute there when I read the post I had visions of Bill Gates crapping his pants in fear anger and frustration. Would have been very nice if Netscape had *really* been given the right to export a strong crypto browser, and especially if MS had to wait for their turn until the DOJ thang was settled.

      Consciousness is not what it thinks it is
      Thought exists only as an abstraction

  7. one less step i guess by grappler · · Score: 2

    Now people outside the U.S. won't have to make the little visit to fortify.net afterwards :-)

    It was always incredibly easy to get it anyway, but it's nice that there's now government permission. Definitely a step in the right direction.

    --
    grappler

    --
    Vidi, Vici, Veni
  8. Re:This is definitely out of date. by Joe+Decker · · Score: 2

    Good catch, I should've noticed the name change not having been picked up.

    I also see that the contact phone numbers are listed as being in the 415 area code. Netscape (err, AOL Mountain View) changed area codes (to 510) some time back.

    --j

  9. How much stronger by sreeram · · Score: 2
    From the article:
    ... 128-bit key is more than 309,485,009,821,345,068,724,781,056 times harder than a 40-bit key ...
    So someone thought it would be cool to calculate 2^128/2^40. Hmph! But, anyway, my point is, you have to be careful about such numbers. Admittedly, using longer key lengths will give you exponentially stronger encryption, but it doesn't scale so neatly all the time. Ask Bruce Schneier. A lot of factors come into play in determining the final entropy: the way the key is used (how many bits are actually relevant), how much entropy in the PRNG (pseudo random number generator), etc. Just nitpicking on details I guess, but something to remember anyway.

    Sreeram.

  10. Opera is not Limited by TonyGreene · · Score: 2

    Netscape will be able to use 128bit with more servers. That doesn't really change anything for most users. The only servers will still be those approved by the U.S. govt.

    On the other hand, Opera will use 128bit with any server, not just those approved by the U.S. The beta is due this month.

  11. Swell by Greyfox · · Score: 2

    Now it will take the script kiddies on your local cable segment 3 hours to crack the encryption for your credit card transaction rather than 5 minutes. This is truly a momentous occasion.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  12. Re:HAHAHAHAHA by jellicle · · Score: 2

    The difference between slashdot and the news media you're used to is that they don't tell you when they get the story wrong.
    --
    Michael Sims-michael at slashdot.org

  13. No more personal info. by viper21 · · Score: 2

    How is netscape going to survive if they can't sell off our personal info and statistics when we download communicator with encryption? We may never see the next release.

    Time will tell.

    Imagine the processor power required to ./diff two human minds? I'd sure like to see the results line by line.
    -Scott Ruttencutter

  14. a little off topic, but still salient-- I think by Savage+Henry+Matisse · · Score: 4
    This Netscape news fits into the whole "Clinton Administration's new attitude towards crypto export" issue. One aspect of these relaxed regs, highlighted by a Wired News article several weeks ago (sorry, couldn't find the URL) but ignored pretty much everywhere else, is that investigators will no longer need to reveal their methods for arriving at a plaintext from a cryptotext for which they had no key.

    Maybe I've seen "Conspiracy Theory" one too many times, there seem to be some scary implications to this. Specifically, if investigators cannot be compelled to reveal how they decoded encrypted info, then they could conceivably take an encrypted doc which they could positively attach to the defendant (i.e. an encrypted document the defendant admits to, or can be convincingly illustrated to a court of law to be, the owner of) and then present in court ANY plaintext as being its source. These investigators (and, under the new regs, this would include domestic-charter, as well as foreign-charter, law-enforcement) could make up the foulest, nastiest, most incriminating admission in the world and claim it to be the plaintext. With a decent algorithm (i.e. ANY strong algo) there is NO WAY to verify that a plaintext and cryptotext match up without the key (that's the point of encryption, for godssakes.) As the investigators cannot be made to reveal HOW they got plain from cipher, the only defense the defendant could make would be to decrypt the doc in question before the court herself, and that would require her to expose to the court her cryptosystem and key (the latter, of course, being a far more damning exposure than the former, assuming she uses strong crypto.) I.E., in the end, she would be giving up the one thing that protected her. Even if the case is thrown out of court (which, God-willing, it would be, seeing as how the investigators would have to admit to submitting false, or at least spurious, evidence,) the defendant would still be up a creek, as all her past and present encrypted data would be exposed.

    An even worse scenario: another clause in these regs permits courts to subpoena private keys (previously considered unconstitutional, as it forces a person to incriminate herself.) If the defendant refused to do so, claiming to have forgotten the key, and the prosecution later played its dummied-plaintext trump card, she would be put in the position of either 1) going to prison for heinous crimes she never even considered committing or 2) admitting to perjury.

    This would seem to be a very-much bad situation that we, as citizens, are being put into. The NSA, again, has designed a brilliant protocol.

    Just food for thought. This is the sort of thing that keeps me up late, watching TV and talking to the dog.

    -"S"HM

    --
    Much Love,
    "S"HM
    *****
    (I refuse to spellcheck out of contempt for your belief system)
    1. Re:a little off topic, but still salient-- I think by dillon_rinker · · Score: 2

      If the defendant refused to do so, claiming to have forgotten the key, and the prosecution later played its dummied-plaintext trump card, she would be put in the position of...admitting to perjury.

      I don't think there'd be any problem getting around the perjury bit that you suggest. On Monday, I say "I do not recall the key at this time." I'm lying, of course, but unless you're telepathic, you can't prove it. On Tuesday, as a result of the situation you described, I say "I remember now...the key is 123ABC."

      If accused of perjury, all I have to say is "It's as I said. On Monday, I couldn't remember. On Tuesday, I could." Only a telepath could tell any different.

  15. This is definitely out of date. by winterstorm · · Score: 2
    Netscape Communications Corporation is owned by AOL (so wouldn't AOL or the Sun-Netscape Alliance be the one granted approval?). And SuiteSpot is now called iPlanet, isn't it?

    Can anyone provide any supporting documentation that shows that something new has happened with respect to Netscape Communicator and encryption export restrictions?

  16. Easy way to get 128bit encryption by linuxci · · Score: 3

    OK so this is a hoax but it is indeed possible to get 128 bit encryption on Netscape just by using an Australian product: Fortify. As it's not made in the US it doesn't violate any US export laws.
    --

  17. Re:Karma whoring, and why people reply to you by Cid+Highwind · · Score: 2

    Oops, I apologise for my rotten spelling above. I guess that's what the "preview" button is for, huh...

    Posting logged in because the previous poster was brave enough to as well.

    I did a little experiment a few months ago. I flamed the same posts with the same basic arguments, once logged in, and once as an AC. The logged-in posts either went up or got left alone, and all the AC posts got put down to -1.

    --
    0 1 - just my two bits
  18. Semantic, Pedantic point by Zalgon+26+McGee · · Score: 2
    128 bit versions of IE and Netscape are already available outside the USA.

    See, there's this country just north of the USA that's already able to use the 128 bit versions, no problem.

    Remember, Americans, you're not the only North Americans.

    Book(n): Utensil used to pass time while waiting for the TV repairman

  19. Consider this... by moonboy · · Score: 2

    If Netscape's marketshare were to increase outside of U.S. borders (which is obviously a much larger market than the U.S.), might this possibly help with MS I.E.'s adherence to the WWW3's standards that we are all concerned about MS "embracing and extending"? It seems it may also give Netscape a better foothold in the international market which will help Netscape 5/Mozilla's adoption (re-adoption) when they are released.

    ----------------

    "Great spirits have always encountered violent opposition from mediocre minds." - Albert Einstein

    --

    Co-founder and designer at Music Nearby: http://musicnearby.com
  20. Permission? So... what security holes were put in? by Anonymous Coward · · Score: 2
    128 bit encryption? Oh I doooo believe it's real 128 bit crypto. What I do not believe is that there were no secret back doors deliberately put in to allow feds to track and/or snoop our surfing. I mean, does anyone really believe that Feds are being nice for the good of the net? For the good of business? To help the American compete globally? What did Netscape have to do to receive this permission? If nothing, then why aren't all software developers big and small getting this same permission. Make no mistake, souls were exchanged for this magnanimous "permission".

    When netscape receives the same permission on its open sourced mozilla project... only then will I believe we're receiving real security.

  21. Not for everybody ? by MarcoAtWork · · Score: 2

    I might be mistaken, but read this:

    International users who have Netscape Communicator do not need to download a new version of Netscape Communicator to take advantage of the strong encryption capabilities being announced today. Negotiation of the strong encryption between International versions of Netscape Communicator and Netscape SuiteSpot servers approved for export to banks occurs through a unique mechanism based on a special-use digital certificate. Approval of this certificate based mechanism is the culmination of months of effort between Netscape and numerous government agencies. Netscape and VeriSign have worked closely together to develop digital certificates that allow Netscape SuiteSpot servers to initiate strong communications sessions with Netscape Communicator. VeriSign will issue special-use digital certificates pending final approval from the United States Department of Commerce. Banks around the world can obtain Netscape Communicator and Netscape SuiteSpot servers with strong encryption immediately.

    This seems to imply that in order for users to use 128bit, they have to be talking with a Netscape SuiteSpot server, which means that general 128bit encryption has not really been legalized, but only 128bit encryption between two software programs created by the same software house.

    What do you think ?

    --
    -- the cake is a lie
  22. Re:Karma whoring, and why people reply to you by pb · · Score: 2

    You're taking it pretty well, since it's all stupid anyhow. I get it too, for some reason.

    I see about a billion AC's in this thread not marked as "Offtopic". I wonder why *you* got moderated down... Hmm.

    And, for future reference, guys, my Anonymous posts don't get treated that badly. But I have seen that behavior happen before. Try posting the same thing you would have posted anyhow, anonymously. And see if anyone looks at these silly "comment" things, anyhow. :)

    But more people *do* see the logged-in posts, because some people do set their threshold above 0, guys. (I usually set mine to 1, unless I see a lot of "x comments below blah threshold", or I'm really interested in the thread, but lately I've been setting mine to -1, out of moderator mistrust) And if you see a post, and you like it, you might moderate it up.

    Also, there is a lot of Anonymous Coward distrust, because they offer *no* way to contact them. They are definitely more admirable when they do. Even a slashdot account is enough, and an e-mail address (anonymous or not) is a nice touch. I distrust Anonymous Cowards because they have no reason to be accountable for what they do or say, and I don't know if I'm talking to the same person. I could post anonymously to myself and make it look like I'm being harassed to get scored up. How messed up is that? If I have a discussion with someone, and I can't see a face, I'd at least like to have a name. But really intelligent commentary will do. :)
    ---
    pb Reply or e-mail rather than vaguely moderate.

    --
    pb Reply or e-mail; don't vaguely moderate.
  23. Misleading article. Here's the translation by drig · · Score: 4

    The article states
    "International users who have Netscape Communicator do not need to download a new version of Netscape Communicator to take advantage of the strong encryption capabilities being announced today. Negotiation of the strong encryption between international versions of Netscape Communicator and Netscape SuiteSpot servers approved for export to banks occurs through a unique mechanism based on a special-use digital certificate."

    This is a capability that's been in both IE and Netscape for a while. It's called "Server Gated Crypto", and it works like this:

    An exportable browser connects to a bank's server. The bank sends the browser a special certificate that has an extension which tells the browser to do Server Gated Crypto. They both drop connection and reconnect, with the domestic-grade encryption.

    This does not mean that Netscape is able to export 128bit crypto freely, nor does it mean they can stop making different versions. It means that the ability for the export browser to use domestic crypto is controlled at the CA (like VeriSign) and not in the browser. The CA gets permission to issue these special certs to a certain group of customers (banks, mostly), and THAT controls the crypto.

    It was an interesting attempt to relax crypto just enough to assuage the privacy advocates' cry of "but, e-commerce needs strong crypto".

    --
    Citizens Against Plate Tectonics
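The step-up negotiation that drig describes above (and that Issue9mm refers to in comment 5.1) can be modelled as a small state machine. The following is an added illustration, not code from Netscape, the press release or anyone in this thread: it performs no real TLS, represents the server certificate as a plain object with an extendedKeyUsage list, and assumes that only certificates from a constructed "VeriSign SGC CA" issuer are honoured for step-up. The two OID strings are the ones OpenSSL registers as nsSGC and msSGC.

```python
"""Toy model of Server Gated Crypto (SGC) step-up. Constructed example, no real TLS."""
from dataclasses import dataclass, field

EXPORT_CIPHERS = ["RC4-40", "RC2-40"]       # all an export-grade browser offers at first
STRONG_CIPHERS = ["3DES-168", "RC4-128"]    # offered only after a successful step-up

# OIDs that mark a certificate as permitting SGC (OpenSSL names: nsSGC, msSGC)
SGC_OIDS = {"2.16.840.1.113730.4.1", "1.3.6.1.4.1.311.10.3.3"}

# Assumption: the browser honours SGC only from CAs allowed to issue such certs.
TRUSTED_SGC_ISSUERS = {"VeriSign SGC CA"}   # constructed issuer name


@dataclass
class Certificate:
    subject: str
    issuer: str
    extended_key_usage: list = field(default_factory=list)  # list of OID strings


def cert_allows_step_up(cert: Certificate) -> bool:
    """The decision lives in the certificate, i.e. at the CA, not in the browser."""
    has_sgc_oid = bool(SGC_OIDS & set(cert.extended_key_usage))
    return has_sgc_oid and cert.issuer in TRUSTED_SGC_ISSUERS


def server_hello(cert: Certificate, offered: list) -> dict:
    """Server side: pick the first offered cipher it supports and send its cert."""
    supported = STRONG_CIPHERS + EXPORT_CIPHERS
    for cipher in offered:
        if cipher in supported:
            return {"cipher": cipher, "cert": cert}
    raise ValueError("no cipher in common")


def export_browser_connect(server_cert: Certificate):
    """Browser side: returns (cipher finally used, transcript of the exchange)."""
    transcript = []
    first = server_hello(server_cert, EXPORT_CIPHERS)
    transcript.append(f"ClientHello offers {EXPORT_CIPHERS}; server chose {first['cipher']}")
    if not cert_allows_step_up(first["cert"]):
        transcript.append("certificate carries no SGC extension from a trusted CA; staying at export strength")
        return first["cipher"], transcript
    transcript.append("SGC extension present; dropping connection and reconnecting with strong ciphers")
    second = server_hello(server_cert, STRONG_CIPHERS + EXPORT_CIPHERS)
    transcript.append(f"second ClientHello offers {STRONG_CIPHERS}; server chose {second['cipher']}")
    return second["cipher"], transcript


if __name__ == "__main__":
    bank = Certificate("bank.example", "VeriSign SGC CA", ["2.16.840.1.113730.4.1"])
    shop = Certificate("shop.example", "Some Other CA", [])
    for cert in (bank, shop):
        cipher, log = export_browser_connect(cert)
        print(cert.subject, "->", cipher)
        for line in log:
            print("   ", line)
```

Running it shows the bank's SGC certificate ending in 3DES-168 while an ordinary server, or one whose cert carries the SGC OID but was not issued by the permitted CA, is held at RC4-40.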