Forwarded From: Anton J Aylward <anton@the-wire.com>
>From http://www.westcoast.com/newsdigest/isn_may97.htm
British Firms Throw Down Encryption Gauntlet
UK Web Limited and C2Net Software have teamed up and released an
encryption package called SafePassage Web Proxy. The package, which
supports 128- and 168-bit proxy encryption, is claimed to steamroller
current US encryption legislation that limits encryption exports to a
maximum of 56-bits.
"This product, developed entirely outside the United States, provides full
strength, non-escrowed cryptography for users of any standard web
browser," explained Sameer Parekh, C2Net's president.
According to C2Net, current versions of browsers such as Netscape
Navigator and Microsoft Internet Explorer are exported from the US and are
forced by government to use weak encryption. This weak encryption, the
company claims, has been repeatedly broken by online groups such as the
'Cypherpunks'.
C2Net claims that, without the protection offered by strong encryption,
any communication over the Internet may be read by eavesdroppers as it
travels to its destination. Strong encryption, the company claims, is
required to protect any sensitive data such as bank account, trade secrets
or sensitive personal information.
"We don't believe in using codes so weak that foreign governments,
criminals or bored college students can break them," Parekh said, adding
that the company opposes plans to put all of a user's cryptography keys in
a few places, "where they can be sold to the highest bidder."
"Companies like HP and IBM, bowing to government pressure, have been
promoting 'key recovery' plans that would require centralised key storage
and easy government access to or abuse of cryptography keys," he noted.
According to Parekh, this will only create "fat, tempting targets" for
hackers and spies, that are still restricted to relatively short key
lengths.
SafePassage is an add-on product that will work with any standard web
browser. Acting as an intermediary, or proxy, it intercepts outgoing
secure connections and transforms them so that they use full-strength
cryptography. It is billed as supporting secure connections using strong
cryptography for any browser that supports standard secure socket layer
(SSL) tunnelling, a feature normally used by firewall software. The
package currently runs on Windows 3.1, Windows 95 and Windows NT.
Evaluation versions of SafePassage may be downloaded at no cost from UK
Web's site at http://stronghold.ukweb.com/safepassage. A single user
licence for the software is £32. Prices for volume licensing start at £650
for 50 users.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Wed Jun 10 19:54:16 1998