Re: Bug#67331: potato bugs
>>>>> "Adrian" == Adrian Bunk <bunk@fs.tum.de> writes:
I am afraid I missed the thread in debian-devel - I am not sure
who I am mailing, and why ;-)
>> ] Package: fortify (non-US/non-free). ] Maintainer: Roberto
>> Lumbreras <rover@debian.org> ] 67331 doesn't support 4.73
>>
>> This also probably ought to be fixed or explained away.
Adrian> As far as I know, netscape 4.73 already supports
Adrian> encryption, so fortify is no longer needed for this
Adrian> version. This is perhaps a documentation issue, but not
Adrian> RC.
According to: https://www.fortify.net/sslcheck.html says:
--- cut ---
You have connected to this web server using the RC4-MD5 encryption
cipher with a secret key length of 40 bits.
This is an export-grade encryption connection, widely regarded as
being inadequate for sending or receiving sensitive or valuable
information across a network. If you use a Netscape web browser or
mail reader, you should immediately download and install Fortify
for Netscape.
In a crude analogy, using this cipher is similar to sending or
storing your data inside a paper envelope - compared to a
U.S.-domestic grade cipher which is similar to using a high quality
safe to protect your data.
The U.S. Government classes this cipher as being unimportant. Its
dissemination by export is not controlled or monitored.
--- cut ---
This is different when using lynx-ssl:
--- cut ---
You have connected to this web server using the EDH-RSA-DES-CBC3-SHA
encryption cipher with a secret key length of 168 bits.
--- cut ---
168 bits??? Some things contradict. For instance, while the page info
says:
--- cut ---
Security: This is a secure document that uses a medium-grade
encryption key suited for U.S. export (RC4-40, 128 bit with 40
secret).
--- cut ---
So, what is this meant to mean. I see "40" twice but "128" only once.
The help about screen says:
--- cut ---
This version supports International security with RSA Public Key
Cryptography, MD2, MD5, RC2-CBC, RC4 .
--- cut ---
If I am mistaken, then close the bug. Perhaps it is a bug with the
fortify web page. Not sure I like the bit "40 secret" though, whatever
that means.
--
Brian May <bmay@csse.monash.edu.au>
Reply to: