ANOTHER! Article reference.

Albert.Garrido@nextel.com
Tue, 13 May 97 07:23:08 EST


The below is from ENT magazine, a magazine for Enterprise NT (Windows) stuff.
They pretty much copied some of the original press release verbatim, and it
might be worth upping the dosage of publicity we send them. Although they don't
credit us by name, they should.

http://192.131.131.50/ent/archive/1997/May07/050712.html-ssi

-----

C2Net Offers Encryption Web Proxy

Neal Miller

May 7, 1997

C2Net Software (Oakland, Calif.) and UK Web Ltd. (Leeds, England) announced the
release of version 1.0 of SafePassage Web Proxy to complement their Stronghold
line of secure server products. C2Net's proxy uses built-in features in popular
Web browsers to intercept secure connections and re-encrypt them with encryption
as strong as 168 bits.

Since SafePassage resides on the same machine as the browser, the two programs
safely communicate with each other using the browser's weaker encryption. When
SafePassage communicates with a secure server via the browser, SafePassage
authenticates you and the server before conducting your Web transactions using
virtually unbreakable ciphers.

Unregulated export versions of Microsoft Internet Explorer and Netscape
Navigator/Communicator, including those versions downloaded from the Internet,
currently employ freely exportable 40-bit encryption. A University of California
at Berkeley graduate student cracked a 40-bit cipher in less than 4 hours
earlier this year using several hundred networked computers. Two weeks later, a
European team based in Switzerland cracked a 48-bit encryption cipher in 13
days. RSA (Redwood City, Calif.) is sponsoring a contest in which more than
2,000 computer users in the U.S. and Canada are attempting to crack a 56-bit
cipher, hoping to prove that the 56-bit federal exportation limit on encryption
does not provide adequate data security.

If the limit of legally exportable encryption is raised from 56 bits to 128
bits, ciphers used in international encryption would be far more difficult to
crack. "If the hundreds of computers needed to crack a 40-bit key in a few hours
were compressed into a cube an inch on a side," says Douglas Barnes, vice
president of C2Net, "and you built a computer the size of the Earth out of these
cubes, it would still take this computer more than four times as long to crack a
128-bit key. It's easy to find a few hundred computers idle at any medium-sized
business or university; Earth-sized computers are still relatively uncommon."

Federal law places many restrictions on the sale and export of encryption
software in electronic or magnetic medium, which was until recently classified
as a munitions by the U.S. Department of Commerce. These laws tend to toe the
line with respect to the First Amendment, resulting in some unusual loopholes.

Companies such as C2Net take extensive measures to provide proxies that allow
secure international communications. Because both SafePassage and Stronghold
were programmed outside the U.S., multinational corporations can use these
products to ensure secure channels of communication for sensitive data.