Forwarded From: Anton J Aylward <anton@the-wire.com> >From http://www.westcoast.com/newsdigest/isn_may97.htm British Firms Throw Down Encryption Gauntlet UK Web Limited and C2Net Software have teamed up and released an encryption package called SafePassage Web Proxy. The package, which supports 128- and 168-bit proxy encryption, is claimed to steamroller current US encryption legislation that limits encryption exports to a maximum of 56-bits. "This product, developed entirely outside the United States, provides full strength, non-escrowed cryptography for users of any standard web browser," explained Sameer Parekh, C2Net's president. According to C2Net, current versions of browsers such as Netscape Navigator and Microsoft Internet Explorer are exported from the US and are forced by government to use weak encryption. This weak encryption, the company claims, has been repeatedly broken by online groups such as the 'Cypherpunks'. C2Net claims that, without the protection offered by strong encryption, any communication over the Internet may be read by eavesdroppers as it travels to its destination. Strong encryption, the company claims, is required to protect any sensitive data such as bank account, trade secrets or sensitive personal information. "We don't believe in using codes so weak that foreign governments, criminals or bored college students can break them," Parekh said, adding that the company opposes plans to put all of a user's cryptography keys in a few places, "where they can be sold to the highest bidder." "Companies like HP and IBM, bowing to government pressure, have been promoting 'key recovery' plans that would require centralised key storage and easy government access to or abuse of cryptography keys," he noted. According to Parekh, this will only create "fat, tempting targets" for hackers and spies, that are still restricted to relatively short key lengths. SafePassage is an add-on product that will work with any standard web browser. Acting as an intermediary, or proxy, it intercepts outgoing secure connections and transforms them so that they use full-strength cryptography. It is billed as supporting secure connections using strong cryptography for any browser that supports standard secure socket layer (SSL) tunnelling, a feature normally used by firewall software. The package currently runs on Windows 3.1, Windows 95 and Windows NT. Evaluation versions of SafePassage may be downloaded at no cost from UK Web's site at http://stronghold.ukweb.com/safepassage. A single user licence for the software is £32. Prices for volume licensing start at £650 for 50 users. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:55:40 PDT