[plug] export Netscape _does_ do 128 bit (sometimes)
Mike Holland
myk at golden.wattle.id.au
Sun Jun 6 00:38:54 WST 1999
On Fri, 4 Jun 1999, Christian wrote:
> original question: if the browser can only do 40 bit encryption, how can
> these banks claim that the link is 128-bit secure?
I found the answer. This seems to apply to Linux Netscape.
Quoting the "Fortify" documentation:
---------------
The recent export releases of Netscape Communicator (version 4 only)
include two high grade SSL ciphers - RC4 128-bit, and triple-DES 168-bit.
However, you must read the fine print. These ciphers are only enabled
when you connect to specific, specially approved SSL web servers (they are
never used to encrypt e-mail messages). If you connect to a non-approved SSL
server, the strongest cipher allowed is 56-bit DES. Verisign Inc. grants
these special approvals, under its Global Server ID certificate program.
Outside the U.S., approvals are only available to certain, specific
categories of organizations.
In contrast, Fortify gives you strongly encrypted communications when
you connect to any full strength server, anywhere. No questions asked.
Fortify is available for both Navigator (v3 and v4) and Communicator (v4).
----------------
Mike Holland <mike at golden.wattle.id.au> Perth, Australia.
--==--
Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec
More information about the plug
mailing list