Technology Stocks : Web Desktops, Web Applications, Thin Client


To: Reginald Middleton who wrote (13) 12/2/1999 5:15:00 PM
From: Jay Lowe
 
>> 40-bit, bi-directional encryption

Well, there we have it ... from the horse's mouth. Thanks for the correction, Reginald.

Are you using a standard platform encryption API or is encryption built into your modules? 40-bit suggests that it's not the Microsoft CryptoAPI (56bit, 128bit) ... just curious ... I haven't had occasion to delve into that part of the world.

By the way, I like the writing in your documents ... your use of concrete metaphor and simple, relevant examples goes far to making your system approachable at a glance.

Can you refer us to any technical overviews of the area?



To: Reginald Middleton who wrote (13) 12/2/1999 10:25:00 PM
From: ftth
 
Hi Reginald, a few comments:

re:<<Even without such security measures, it is not easy to capture the data midstream.>>

The "man in the middle" attack is only one of many possible compromise scenarios, and certainly not the most worrisome in this case. The static stored data on an "alien" system is more of a problem, analogous to the way customer credit card data stored at the merchant site is more of a concern than a "man in the middle" attack re: online purchases.

Encryption is but one of many aspects of security. I addressed this in a post on Last mile about a year ago...I'll try to find it. You cannot provide a globally satisfactory definition of security. It differs on a case by case basis.

As for:<<NuoMedia employs 40-bit, bi-directional encryption - far harder to break than practically any physical barrier currently in common use for sensitive data.>>

You should revisit even making such a statement quite frankly (if you are publishing this on your website I strongly recommend you remove it. You open yourself up to serious liability with such claims).

This is a nearly 2 year old press release, which highlights the problem with that claim:

SAN FRANCISCO -- In case you weren't paying attention, 40-bit encryption is dead, security experts said here today.

At the final day of the RSA Data Security Conference this morning, Peter Trei, principal software engineer of Security Dynamics Technologies Inc., said a 40-bit DES (Data Encryption Standard) key can be broken by a skillful hacker in about 40 seconds.

Even an amateur hacker working on a normal desktop PC would have little trouble breaking 40-bit encryption, which was first hacked more than two years ago.

"There is no excuse for providing only 40-bit encryption in your products anymore," Trei said.

Trei said that 56-bit keys are stronger, but still breakable. DES, in 56-bit form, was broken last year by a nationwide group of programmers who networked their computers together in order to solve the mathematical problem behind DES. It took them more than 120 days to do it.

Another DES code-breaking effort is under way, and this time it is expected to take much less time. But how it will happen is still unknown. The brute force method, used last time to break DES, is effective but memory-intensive. It's possible - although it has yet to be accomplished - for someone to build a DES code-cracking hardware device with processors optimized for the algorithm that could break the code in a matter of days, Trei said.

It's clear that the days of 56-bit encryption are also numbered, although 56-bit is the maximum allowed under current federal export laws.

"Building new products with 56-bit encryption is probably not sufficient if you want to call your products secure," Trei said. "Fifty-six-bit is good, unless your adversary is well-funded."

Here's the link:
zdnet.com
You don't have to search too hard to find many more like it.