
Re: Bug#67331: potato bugs



>>>>> "Adrian" == Adrian Bunk <bunk@fs.tum.de> writes:

I am afraid I missed the thread in debian-devel - I am not sure
who I am mailing, and why ;-)

    >> ] Package: fortify (non-US/non-free).
    >> ] Maintainer: Roberto Lumbreras <rover@debian.org>
    >> ] 67331 doesn't support 4.73
    >>
    >> This also probably ought to be fixed or explained away.

    Adrian> As far as I know, netscape 4.73 already supports
    Adrian> encryption, so fortify is no longer needed for this
    Adrian> version. This is perhaps a documentation issue, but not
    Adrian> RC.

According to https://www.fortify.net/sslcheck.html:

--- cut ---
You have connected to this web server using the RC4-MD5 encryption
cipher with a secret key length of 40 bits.

    This is an export-grade encryption connection, widely regarded as
    being inadequate for sending or receiving sensitive or valuable
    information across a network. If you use a Netscape web browser or
    mail reader, you should immediately download and install Fortify
    for Netscape.

 In a crude analogy, using this cipher is similar to sending or
 storing your data inside a paper envelope - compared to a
 U.S.-domestic grade cipher which is similar to using a high quality
 safe to protect your data.

   The U.S. Government classes this cipher as being unimportant. Its
   dissemination by export is not controlled or monitored.
--- cut ---

This is different when using lynx-ssl:

--- cut ---
You have connected to this web server using the EDH-RSA-DES-CBC3-SHA
          encryption cipher with a secret key length of 168 bits.
--- cut ---

168 bits???  Some things contradict. For instance, while the page info
says:

--- cut ---
Security: This is a secure document that uses a medium-grade
encryption key suited for U.S. export (RC4-40, 128 bit with 40
secret).
--- cut ---

So, what is this meant to mean? I see "40" twice but "128" only once.

The help about screen says:

--- cut ---
This version supports International security with RSA Public Key
Cryptography, MD2, MD5, RC2-CBC, RC4 .
--- cut ---

If I am mistaken, then close the bug. Perhaps it is a bug with the
fortify web page. Not sure I like the bit "40 secret" though, whatever
that means.
-- 
Brian May <bmay@csse.monash.edu.au>


