Mozilla The Internet

Open Source Mozilla Crypto Released 88

lunatik17 writes "NSS 3.1 Beta 1 has been released, including a new implementation of the RSA algorithm. This release provides, for the first time, a complete open-source implementation of the Netscape crypto libraries, and will be used in a future version of Personal Security Manager for Mozilla." This is the only significant feature I've found lacking in Mozilla.
This discussion has been archived. No new comments can be posted.

  • Perhaps I am a bit confused, but not quite as you explained it....let me clarify.

    I believed that RSA was ONLY a symmetric algorithm and that 128 bit had already been brute forced (I think it was obviously 64 bit I was thinking of) and hence I was saying 1024 bit as the sort of level at which you can think it will not be brute forced inside a generation (though it may become open due to a hole in the algorithm). I just remembered the EFF (wasn't it) building the old-tech cracking box for $100,000 and taking export strength encryption out in 9 secs? And I thought it was 128-bit in about 9 days (but it was probably 56-bit or 64-bit).

    Just to note if I had been talking public key systems I think I would have gone with 4096 (and not 1024 as it is just too close to the breakable edge). Thanks for clarifying things though :-)

  • Yeees, the FAQ was last updated on the 10th of this month - after the RSA early release. However, they're not very forthcoming about the legality of it all. They say;

    "Now that the RSA patent is in the public domain, Mozilla crypto development can proceed with minimal restrictions"

    Now, just what does "minimal" mean, coz they're a bit short on detail? What's the legal standing for us EU folks? You said;

    "Is it just me or has the number of people posting to stories who have not looked at the content been increasing to a critical S/N ratio?"

    Don't worry - it's just you!!

    Slán,
  • "minimal" means that you still have to exercise some due diligence to avoid having your software exported to a few "bad" countries such as Iraq and Libya. I'm not sure that this restriction even applies to Open Source software. When you think about it, the idea is pretty futile. All you need is some sort of FTP proxy server outside of the US and anywhere in the world can then get to your file archive.
  • RSA released the patent to public domain 2 weeks ago.

  • I'm not an encryption expert, but surely it seems to me that any algorithm that has been released by a company into the public domain cannot be particularly secure

    The RSA algorithm has been public knowledge for a long time, this is just the patent running out allowing anyone to implement the algorithm in their application. Any good encryption algorithm does not become less secure just because it's a known algorithm. Just look at DES, this has been a standard for 10+ years and it was always public knowledge.

  • RSA offers better encryption than all the free algorithms at the moment.

    Not necessarily "better encryption". It has just been around and under scrutiny for a longer time, so people have more faith that there really are no holes in it than in some newly developed algorithm.

  • After the M18 builds came out, they stated that the focus is on the next release candidate, and that the builds would get slower (true) and probably buggier (not for me, so far).
  • Yep! This is my concern & the reason for my question. I'm a developer based in Ireland. So I download the NSS code & hack it into some other application. I then release the lot under the GPL, as required, and the app and source somehow ends up in a country that the US doesn't like. Am I liable?

    (My guess is that I'm not. However, since DeCSS I'm not so sure anymore ....)
  • Now, just what does "minimal" mean, coz they're a bit short on detail?

    My apologies for not expanding on what "minimal" means. I'll update the FAQ to clarify this. Basically the remaining restrictions have to do with people in the U.S. not being able to "knowingly" export crypto code to a few countries (Iran, Iraq, etc.), together with requirements for mozilla.org to notify the US Bureau of Export Administration and NSA when new crypto code gets posted to the mozilla.org site.

    Again, I'll update the FAQ to include a more complete explanation.

  • ok, now where do i start on this one. RSA is a government accepted commercial algorithm... Um...sorry...but i'd trust the open source community over the commercial/government alliance any day. yea, i know what you're going to say 'oh great, another conspiracy theorist'. whatever. with reports of things like echelon slipping out, i no longer entrust my privacy or security in the hands of the powers that be.

    "sex on tv is bad, you might fall off..."
  • That's funny... seeing how all these people seem to be having trouble running mozilla on their machines.

    I run Star Office 5.2, Mozilla, licq, xmms, 3 rxvts all at the same time.. with NO slow down.. and you know what my machine is?? A PoS!!!

    350 K6-2, 64 MB RAM...running Debian woody.

    I'm sorry but you people who can't run Mozilla BY ITSELF need a little help.
  • by wct ( 45593 ) on Wednesday September 20, 2000 @06:48AM (#767036)


    I'm surprised no one's mentioned that you already can read SSL pages in Mozilla, by installing the Personal Security Manager. It's an XP thingy, so you just need to start Mozilla with write privileges, then visit the website:

    http://docs.iplanet.com/docs/manuals/psm/psm-mozilla/index.html

    and click on the Install Personal Security Manager. Then you can do all your on-line banking and shopping and stuff. I've tried it on the latest nightly build and it works a charm.



  • NSS is not based on OpenSSL, it is derived from the first set of Netscape SSL libraries. SSLeay and OpenSSL have re-implemented what was in NSS (although with a different API) to provide the same functionality and interoperability. The good reason not to use OpenSSL is that they have written this software and have used it and have tailored the browser to use it long before it could have been released, along with the fact that the code is in C++, the same language as Mozilla. The code is secure enough, it is what sun and netscape use in their iPlanet servers and it is what you use right now in order to surf the web in a secure fashion under netscape.
  • This is the only significant feature I've found lacking in Mozilla.

    How about having a session of pages rendered correctly without crashing? :)
  • Mozilla doesn't support java, nor does it support the Java 1.3 plugin.

    I'm amazed how many people spout this sort of statement without testing their assertions. Just installed the Java 1.3 beta plugin on Mozilla build 2000091908 on my NT 4.0 SP6a workstation. No problems - works like a charm.

    Cheers,

    Toby Haynes

  • All right. I'll have to keep this in mind in the future.
    ----
  • Actually, GPG/PGP support would be one of the worst things that could happen to Mozilla and the Net at large.

    The reason: we already have a real, actual Internet standard for secure e-mail: S/MIME

    Internet standards matter, folks! If you don't believe it, just ask Microsoft - they had to learn the lesson the hard way a few years ago, and barely moved fast enough to avoid oblivion. The Mozilla team show no such agility, sadly.

    It was this about-face even more than their abuse of power that established them as the standard Internet platform in so much of the corporate world. Like it or not, Microsoft currently sticks to the important Internet standards better than the Netscape folks.
  • if you throw a quantum computer at any sort of modern encryption it will be cracked in an instant

    Completely untrue and uninformed. If Quantum computers are one day able to make 1024 bit RSA keys "insecure", moving to 2048 or 4096 bit keys will almost surely still be secure. Quantum computers may possibly make things more inconvenient, but technology will also favor the users of cryptography, and allow them to use more powerful encryption. As qubits grow, so will key lengths.
  • How about this one:

    12 Netscape windows
    Xmms
    gkrellm
    GnomeCal
    6 Gnome Terminals
    Vmware
    GnomeICU
    Gaim
    GTK-Napster
    Netscape Mail
    Gnome Weather
    Gvim
    gosh I'm tired of typing :^)

    # free
                 total       used       free     shared    buffers     cached
    Mem:        516664     506928       9736      99256      93204     301292
    -/+ buffers/cache:     112432     404232
    Swap:       272888       3328     269560
  • I downloaded the latest (as of 9/20/2000) and gtop now reports 153160k. Not a big improvement. Are your numbers coming from gtop?

    -tim
  • There seems to be one slight point you are missing....every "secure" site out there (AFAIK) uses RSA encryption. We want apache and mozilla to be able to play with everyone else AS WELL as offering technically superior solutions.
    Also while RSA has been cracked, the costs of cracking are still appreciable for correct strength encryption (i.e. not that 40 or 56 bit stuff the US government wanted to make all the terrorists use so they could read their communications). AFAIK if you use 1024 bit RSA encryption it is going to take millions of dollars years to break it and that is good enough for my email, even 128 bit encryption is going to take $100,000 a week or two to open. If you are sending data that could have someone willing to spend a fortune to gain access, the best thing to do is to invest a bit of time yourself into verifying the best route for transferring the data taking into account the entire process (key-exchange, route of couriers for possible ambush if any physical acts, tapped lines etc. etc.).
    What this NSS is about is how to stop Joe Public's purchase of their T-Shirt [thinkgeek.com] online from giving their credit card details to anyone who can packet sniff the route.
  • I find it exceptionally fast, except when it forces my machine to swap, which it does too often for my liking. Speed doesn't seem to be the problem, memory usage is. The only other major quibble I have is with the ftp client. It's pretty poor compared to even the 4.x version. I only use 4.x for checking my bank details and other security related sites. Other than that I'm using Mozilla all day every day.
  • This is the only significant feature I've found lacking in Mozilla.

    <sarcasm>If you don't count usability as a feature...</sarcasm>

  • Hear, hear. I've been avoiding mentioning this also, since I hoped that it was just early code that was running more slowly, or as Pete says, it's the debugging code that's making the screen update slowly.

    Of course, I recall that previous Netscape releases were often perceived at being a wee bit slower for some operations than the version I'd been using up to that point, but that after using the program for a short time, the difference wasn't as noticeable - especially since I've also upgraded computers over the years. But it boggles the mind to think of all of the performance decreases that programs like this have seen over the years, in favor of extra features that have been added, or the fact that more & more people have accelerated graphics cards that simply don't exhibit the slowness anymore.

    Can you imagine how quickly Netscape 1.0 would render its pages on one of today's fast computers? Now that really boggles the mind!
  • by Steve B ( 42864 ) on Wednesday September 20, 2000 @03:51AM (#767049)
    I'm not an encryption expert, but surely it seems to me that any algorithm that has been released by a company into the public domain cannot be particularly secure

    Er, you do know that they released their claim on RSA about two weeks before their patent was going to expire anyway?

    The theory that they did it for PR reasons makes a lot more sense than your conspiracy theory.
    /.

  • by Patrik Nordebo ( 170 ) on Wednesday September 20, 2000 @03:51AM (#767050)
    The fact that RSA released the RSA algorithm into the public domain two weeks before it would have become public domain anyway says very little about the security of RSA. In fact, RSA keys of 4096 bits are still very hard to crack, AFAIK.
    And there are other encryption algorithms in use in open source software already, like Diffie-Hellman, another public key algorithm which is supported by NSS 3.1.
  • >Can you imagine how useless Netscape 1.0 would be on today's web? No JS, no https, no HTML 4.0, no CSS, etc.

    JS - turned off except when I really need it, and those pages are slow as anything...
    https - gotta have it
    HTML 4.0 - well, I haven't seen all that much that makes me go wow... but Scraper 1.0 didn't support HTML 3 either, so there's the bigger loss.
    no CSS - turned off... it's a waste so far, and Netscape doesn't do it right (neither does IE, though).

    If you want to see what everything looks like with Netscape 1, and other old browsers, check out http://www.dejavu.org/ (note: JScript required)

    --
  • [...]I'm not an encryption expert,[...]

    Obviously.

    --K
    Yeah, I know, IHBT [yhbt.org].
    ---
  • Is NSS based on OpenSSL?

    No, NSS is based on the original SSL library that Netscape developed for Netscape Navigator 1.0 and subsequently enhanced through the years. NSS is independent of OpenSSL/SSLeay and (to my knowledge) doesn't have any code in common with it.

    NSS is going to be included with Netscape 6 (as it was with Netscape Communicator 4.x), and Netscape (actually, iPlanet, the Sun/Netscape Alliance) donated the code for use with Mozilla as well; the iPlanet developers also created new code for the RSA algorithm and other crypto algorithms, to replace the code originally used, which was from the proprietary BSAFE crypto library created by RSA Security.

    There's no reason in theory why OpenSSL couldn't be used with Mozilla as well, either as an alternative SSL implementation to NSS or just as a crypto library called by NSS; however no one has yet developed and released all the code necessary to make OpenSSL work with Mozilla. You should contact the OpenSSL developers for more information, as I don't have any special knowledge of what their plans are relating to Mozilla.

  • The actual algorithm has been available to anyone interested for as long as I can remember. In fact, it was taught to me in one of my second-year computer engineering courses. In fact, this website here gives you the math behind the algorithm:

    http://world.std.com/~franl/crypto/rsa-guts.html

    Basically, you give someone two numbers, E and (P*Q), which they use to encrypt your message. It can only be decrypted using a number which you have kept to yourself, D, and the base, (P*Q). The process of cracking a particular set of keys means factoring (P*Q) into P and Q, from which it is easy to calculate D from E, and thus decrypt a message. The challenge is in the factoring. Both P and Q are primes, and if they are 128bit numbers, it takes a lot of computational horsepower to do that. A fairly new encryption scheme is also available, using a public key method, called elliptic curve cryptography (ECC). With this method, the challenge is in solving discrete logarithms, much more difficult computationally than factoring primes.
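The relationship described in the comment above (public E and P*Q, private D, and D falling out once P*Q is factored), worked through as an added example that is not part of the original thread. The primes, exponents and function names are constructed for illustration, and the moduli are deliberately tiny so that the factoring step finishes at all, which is what real key sizes prevent.

```python
"""Toy RSA with constructed, deliberately tiny primes.

Shows the two facts the comment relies on: (E, P*Q) is enough to encrypt,
and anyone who factors P*Q can rebuild D. This is raw RSA with no padding;
real systems add a padding scheme such as OAEP and use far larger moduli.
"""
from math import gcd, isqrt


def make_keypair(p, q, e):
    """Return ((e, n), d) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("E must be coprime to (P-1)*(Q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), d


def encrypt(m, public):
    """Encrypt integer m with the public pair (E, N)."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, N)")
    return pow(m, e, n)


def decrypt(c, d, n):
    """Decrypt integer c with the private exponent D and modulus N."""
    return pow(c, d, n)


def factor_semiprime(n):
    """Trial division; returns (smaller factor, larger factor, divisions tried).

    The work grows with sqrt(N), so every extra bit in each prime doubles it.
    Real factoring algorithms are much faster than this, but their cost still
    grows steeply with the size of N, which is why key length matters.
    """
    limit = isqrt(n)
    tried = 0
    cand = 2
    while cand <= limit:
        tried += 1
        if n % cand == 0:
            return cand, n // cand, tried
        cand += 1 if cand == 2 else 2  # after 2, test odd candidates only
    raise ValueError("no nontrivial factor found")


def recover_private_exponent(public):
    """Rebuild D from the public pair alone by factoring N."""
    e, n = public
    p, q, tried = factor_semiprime(n)
    return pow(e, -1, (p - 1) * (q - 1)), tried


# Constructed sample keys: a 12-bit modulus and a 40-bit modulus.
SMALL = (61, 53, 17)
LARGER = (1000003, 1000033, 65537)

if __name__ == "__main__":
    for p, q, e in (SMALL, LARGER):
        public, d = make_keypair(p, q, e)
        c = encrypt(65, public)
        recovered, tried = recover_private_exponent(public)
        print(f"N has {public[1].bit_length()} bits: ciphertext={c}, "
              f"decrypts to {decrypt(c, d, public[1])}, "
              f"D recovered={recovered == d} after {tried} trial divisions")
```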
  • Another half feature that'll cause my browser to randomly crash at the worst time possible.
  • I'm just saying it's more difficult to crack a 'black box' encryption than one that you know EXACTLY how it works.
    ----
  • In theory you can use any JVM with Mozilla. I haven't tried it myself, and don't know if the full support is there yet, but when it is, it'll be far more powerful than Netscape 4.x in this respect. The flash plugin works right now, in fact I was using it yesterday. Just download it and bung it in the plugins directory. Done job.

    The web configurator you describe is already present in a simpler way with the installer program. You can choose which components you wish to install and it will download those only. It doesn't deal with plugins, but I see no reason why it shouldn't in the future.
  • That's odd, it runs nice and speedy on my K-7 800 MHz, with an nVidia GTS 2...

    I dunno - I ran nightlies all summer on a 500MHz Pentium III box running NT, and it ran rather nice. Whatever - I still don't use it for daily browsing, since random seg. faults get annoying. Right now, Mozilla crashes after about an hour of use due to seg. fault. Plus some of the QA options now read "bloat" so I'm wondering what they're thinking of these new features themselves.

  • I'm surprised no one's mentioned that you already can read SSL pages in Mozilla, by installing the Personal Security Manager.

    Right, the PSM available for download from the iPlanet site is strictly speaking a proprietary product, because it includes a proprietary crypto library that was originally licensed from RSA Security. Future versions of PSM that will be available from the mozilla.org site will be nonproprietary open source software, because they will instead include the open source crypto library just released by the iPlanet developers.

  • Whoops.

    Being on slashdot, I guess I get into a linux-centric frame of mind. Java (Plugin or otherwise) is not currently supported by Linux mozilla and this is what I was referring to.

    In addition, mozilla crashes more often than 4.x, and 4.x crashes often enough on its own. I rarely have this problem on Win32 with 4.x.

    It's most certainly not a stability-of-platform issue, because netscape seems to be the only consistently unstable (yet necessary) application I run.
  • The M18 nightlies seem to be making a lot of progress in terms of speed and memory usage. On my AMD K6-2 400 laptop, it's running relatively fast such that it's replaced Netscape 4.7 as my primary browser. The only time it really slows down is when it does a lot of swapping, which is too often (but that's what I get for only having 32Mb, trying to run it along with emacs and Gnome). I recently switched to the classic theme, and that seems to have improved things a bit.

    The feature I really want, though, is native widgets. And plugins.

  • Most cryptographic algorithms used today are "open source." It's really nice that way because then the world can (and they will) comb through it looking for every possible loophole. Finding bugs only makes the code stronger.

    I just really hope Mozilla tested this algorithm thoroughly before deciding to release it. Yes, it's RSA, but as they said - it's a "new implementation." That's the part that sends shivers down my spine.

    --
  • ...Now try running the textmode top. Press shift-M.

    What you'll see is 6 separate threads each with a memory usage of 25-30meg.

    Here's the important part: Each of those threads is using the _same_ 25-30meg chunk of memory. gtop adds them up, and it shouldn't.

    Still, I would have to say that 25-30meg is still too big, but it is much more reasonable, and mozilla is, after all, still prerelease software.
  • by sec ( 20916 )
    * Stability

    Needs work, I will say.

    * Bookmarks manager

    Mozilla has one.

    * Working preferences dialog

    Works for me, even if it's one of the slowest parts of the UI.
  • Among other things, the nightly builds are probably compiled with debugging information in them. IE is bound to be stripped down to a minimum.
  • Hey - it's September 20th. Don't some of the RSA patents run out today?? Co-incidental that the Mozilla stuff should be announced today.

    So where does this leave the Mozilla SSL implementation? Is it now restriction-free, as I know the RSA patent expiration only refers to certain specific algorithms ....
  • That's nice. I'd like to know if there'll be a galeon version using it as not everybody has the amount of RAM you need to "use" Mozilla
  • If you check the link [mozilla.org] you will see:

    NSS 3.1 provides, for the first time, a complete open-source implementation of the crypto libraries used to implement security features in these products, including a new implementation of the RSA algorithm.
    and it offers the Mozilla Crypto FAQ [mozilla.org] as a link to discuss the implications of the expiration of the RSA patents.

    Is it just me or has the number of people posting to stories who have not looked at the content been increasing to a critical S/N ratio?

  • they have one...its called pgp.....
    use it...embrace it...love it.....

    "sex on tv is bad, you might fall off..."
  • Except they released it a little while ago.
    As previously seen on slashdot. [slashdot.org]
  • Just the words send shivers of delight down my spine... "open source crypto".

    But really, it's great to have Mozilla developments like this. Go Netscape!
  • More importantly, because of the patent, it was released years ago. Remember, the tradeoff in filing a patent is that the government publishes it when you file. So, everyone and their sister has had access to RSA- it's in just about every encryption textbook, and has been widely discussed and tested (which is why the other poster can confidently discuss how long it takes to brute force it.) The original poster just doesn't have a clue, that's all.
    ~luge
  • they have one...its called pgp

    Uh ok where do I start on this one?
    • pgp is a commercial product, although you can get free personal copies. It's free beer not free speech.
    • GPG is the free implementation of pgp you're probably referring to.
    • GPG and PGP are programs, not algorithms
    • RSA offers better encryption than all the free algorithms at the moment.


  • My knowledge of encryption is limited to a beat up copy of Applied Cryptography by my desk, but I think I can offer a bit of info, since you seem to not know very much about why RSA is in the public domain.

    RSA was a patented algorithm. The patent expires today. In an attempt to either defuse publicity surrounding the patent expiration or just be nice guys, depending on your opinion of the folks at RSA Data Security Inc, they released the algorithm into the public domain early. In any case, the algorithm is not some weak piece of crypto that has been cracked. IIRC, the various crypto challenges that have so far been put forth by RSADSI and been successfully completed involved at the highest a 129 digit number. RSA keys are between 512 and 2048 digits. This algorithm is used in a great many commercial products. It is used in PGP. And I'm pretty sure it is illegal to export without a license :)

    If RSA had a better public key algorithm, they would be selling that one, instead.

    Eduardo Ramirez
  • Open sourcing makes very little difference, as the encrypted stuff is very hard to crack, even if you know the algorithm. Knowing the algorithm used doesn't get you very far, as you don't have the keys. RSA is very secure, provided you use big enough keys.
  • Can you imagine how quickly Netscape 1.0 would render its pages on one of today's fast computers? Now that really boggles the mind!


    Can you imagine how useless Netscape 1.0 would be on today's web? No JS, no https, no HTML 4.0, no CSS, etc. Mozilla is huge because it attempts to follow all the standards and implement all the technologies, which have grown exponentially since the time of 1.0. If 1.0 had had to do all of that, it wouldn't have run at all.


    Point being- don't get nostalgic. In this case, at least, it reeks of not knowing what is going on.


    ~luge

  • The RSA algorithm has been public knowledge since it was developed. Its release (a few weeks in advance of the patent expiration) simply means people can use it without a license from RSA.

    RSA has not been cracked. Some specific RSA keys of particular lengths (e.g., 512 bits) have been discovered. That's no big deal, since we already know roughly how much computational power it should take to crack a given key. And some weaknesses in particular implementations of RSA have been noted. But it's reasonably well understood how much (implementation-independent) security is provided by a given key length, and notwithstanding advances in factoring, that has stood up pretty well.

    RSA may or may not have something better but top secret up their sleeves, but if so it hasn't been exposed to the scrutiny of the RSA algorithm. And the most likely areas for improvement are in computational efficiency and things like that, not in security per se.
  • by American AC in Paris ( 230456 ) on Wednesday September 20, 2000 @03:58AM (#767078) Homepage
    This is the only significant feature I've found lacking in Mozilla.

    ...now all Mozilla needs is an actual full version release, and I'll be all over it.

    As important a project as the Mozilla Project is, I honestly don't think that the press it's been getting in recent months has been helping the cause that much. Even though I know that it's a solid design and that when it does eventually come out, it'll be damn powerful, it's looking more and more like it's starting to catch the Daikatana Syndrome.

    Remember way, way back when you first heard of Daikatana? Romero (and the community) was pimping that game well ahead of its ready date. At first, there was general excitement; I even remember a friend telling me that "It'll demolish Quake 2!" (To Romero's credit, Daikatana does indeed put Quake 2 to shame.) Of course, after the initial wave of interest, people quickly began to see that Daikatana was not only a ways from going gold, it had pretty substantial work left to be done. When the game finally did come out, it was already the big in-joke; the fact that there were still some nasty bugs and that the gameplay was only average only served to heighten the humiliation. Romero's "Quake 2 killer" had the distinct dishonor of poking an already pulverized corpse with a pointy stick.

    Now, I know that Mozilla isn't on a corporate schedule, and I know that getting it done right is more important than getting it out the door fast. But honestly, How will it reflect on the Open Source Movement as a whole if, by the time the first full version of Mozilla is released, it ends up being the version 4 browser killer in a world of version 7 browsers? What happens if, heaven forfend, Mozilla turns out to be inferior to the commercially available browsers of the day?

    On that note, I think that a little less front-page coverage would be a good thing for Mozilla, even here on Slashdot. Expectations are running perhaps a bit too high for a product that still has a fair way to go before release; even some of us geeks are starting to feel the least bit worried that the trumpets have been blaring a bit too loudly for a bit too long now...

  • Mozilla doesn't support java, nor does it support the Java 1.3 plugin. I find this considerably lacking.

    Mozilla does support Java on Win32 (yuk!) - the implementation is not there yet on Linux. Mozilla doesn't wrap it up internally as Netscape 4.x did. Check out Project Blackwood [mozilla.org] for details on the implementation.

    Mozilla should eventually come with a web configurator of sorts that would allow people to configure the browser before they download it.

    That sounds vaguely possible, but it strikes me that it's easier to have that as something launched by the browser once you have downloaded it rather than by some packaging agent at the server.

    As in, I want flash, java, and shockwave. I check them, and I download the browser with these things installed (be they plug-ins or otherwise).

    I have no trouble running Flash in Mozilla. I haven't tried the latest Shockwave plugin. Mozilla has plugin-compatibility with Netscape plugins, so just set them up for Netscape and they work in Mozilla.

    I doubt the plugin manufacturers would have much problem with this (unless they were Microsoft), and it could usher in a new wave of recent-java browsers.

    There may be licensing problems with having all the plugins on one server - from what I see, most plugins are distributed from the creator's websites and not from, say, the Netscape plugin collection.

    Cheers,

    Toby Haynes

  • Um... how the fsck am I trolling.. I know almost nothing about crypto and asked a legit question.. explain please!!

  • by Millennium ( 2451 ) on Wednesday September 20, 2000 @05:54AM (#767081)
    I'm sorry, but this is completely clueless.

    The reason RSA released their algorithm into the public domain (where it belonged from the very beginning) was that the patent would have expired a week later anyway. Once it expired, RSA would have been forced to release the algorithm into the public domain; this is the way all patents work (you're granted a legal monopoly on whatever is patented for a limited amount of time, up to seventeen years if you keep renewing the patent. In exchange for that monopoly, you must release the item being patented into the public domain once the patent expires).

    Also, just because an algorithm is public doesn't mean it is not secure. In fact, all known and trusted algorithms are publicly well-known (many are also patented, so they can't actually be used without a license). This is done for precisely the same reason software is Open-Sourced: peer review. You want people to try and crack the algorithm, because only if people try their hardest and still can't break it is your algorithm really secure.

    Also, as for RSA being cracked, while you are technically correct there's the fact that the crack only works on keys up to a certain, relatively small, length. Make your keys nice and long (1024 bits or more, if I remember right; keep in mind that's not even 0.2K) and the crack is useless.

    So no, RSA's releasing of the algorithm is no indication whatsoever that it's not secure enough.
    ----------
  • I no longer entrust my privacy or security in the hands of the powers that be.
    The RSA Algorithm has been around for a while. It's published and there are many implementations that you can see the source of. Now I'm against key escrow and government email sniffers, but I trust the RSA algorithm.

  • To address your main point: Under the US export regulations, persons in the US are allowed to put up open source crypto code for anonymous download on the Internet; they are not liable if the software "ends up in a country that the US doesn't like", as long as they didn't specifically and knowingly send it to that country. (For example, US persons can't legally email crypto code to someone in Iraq.) Under the new US regulations there are no prohibitions against putting open source crypto code on a public Internet site and making public announcements about where to find it.

    If you're in Ireland then there may be additional Irish laws and regulations that apply to you, but if you release the software as described above then I don't know of any problems due to US regulations.

    Final point: You write "I then release the lot under the GPL, as required". Actually, if you use NSS code in your own code then you don't have to use the GPL if you don't want to. You could release your own code under the MPL, or under some other license compatible with the GPL or the MPL, for example an XFree86-style license.

  • Is NSS based on OpenSSL? I read the web page and it isn't clear. Does the open source world really need yet another crypto library? OpenSSL [openssl.org] has been around for several years now (although it was originally known as SSLeay, the eay for Eric A. Young, its first and primary author). It's reasonably stable and secure. I believe that stronghold was originally based on a combination of Apache and SSLeay, although I can't offer any references to back that up. If the dependencies in debian can be trusted, then OpenSSH (in the form of libssl0.9) is used by OpenSSH, the ssl enabled telnet stuff, some apache stuff, and other stuff.

    Is this another example of reinventing the wheel? I hope that "a new implementation of the RSA algorithm" is just another way of saying that they're not using the libraries from RSADSA as opposed to saying that they've written another (mozilla-free) version of something that already exists (apache-free) as open source. What would a new implementation provide that wasn't there before?

    Can anyone think of a good reason not to use the OpenSSL libraries? I sure would like to avoid code duplication, especially when it's going to suck up RAM on my computer. Even more especially when it's something as tricky and specialized as crypto code. And what's the point of having shared, dynamically linked libraries when everyone goes and writes their own version.

  • No, they couldn't, because this isn't crypto invented in ten minutes in someone's high school BASIC class. This is RSA.

    -David T. C.
  • I think you're thinking of DES with the distributed.net challenge. IIRC there is an RSA challenge, but the one you mention is DES. 40-bit RSA is very weak. 512-bit RSA is within the realms of possibility of being cracked by a well-financed government - 1024 bits or more are really what you want to be using with RSA.

    RSA gets its security because factoring numbers is "hard". However, with RSA an attack based on factoring is still much simpler than trying the brute force 'Try All The Keys' approach, hence the need for a much larger key to guarantee security.

    G
  • More specifically if N=P*Q and 0x^3 mod N

    Everyone knows N, but only you know P and Q. P and Q are prime and it's _very_ hard to find them from large N. Given a message encoded in this way you have precomputed a quantity D such that

    3*D=1 mod (p-1)*(q-1)

    From Euler's extension of Fermat's little theorem stating that

    a^(tot(N))=1 mod N

    whenever a is relatively prime to N. Here tot(N) is Euler's totient function, the number of integers less than N which are relatively prime to N. The condition that a be relatively prime to N can be dropped if we write

    a^(tot(N)+1)=a mod N

    and it can be shown that tot(N)=(P-1)*(Q-1) so 3D=1 mod(p-1)*(q-1) implies that

    (x^3)^D=x^(3*D)=x^(1+m*(p-1)*(q-1)) mod N

    for some m. A repeated application of Euler's theorem m times gives

    (x^3)^D=x mod N

    The security of the method depends on the fact that D is very difficult to compute from N. The number 3 is not magic, other exponents are possible.

    Although you clearly know it, the original poster did not: With proper choice of N, this has only been "cracked" in the somewhat trivial sense that any public key system can be cracked: with enough computational power, you can determine the secret key from the private key. But increasing the key size makes things safe very quickly. (Of course, you have to do a good job coding this all up and choosing N---a non-trivial job).
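    The exponent-3 scheme from the comment above, worked through with small numbers. This is an added example, not part of the original post: the primes, the message and all function names are constructed for illustration. It also shows that D falls out immediately once N is factored, which is only feasible here because N is tiny.

```python
# Toy RSA with public exponent 3, using the comment's notation (N, P, Q, D).
# Constructed illustration: the thread recommends 1024 bits or more for real N.
from math import gcd

E = 3  # the public exponent used in the comment


def make_key(p, q):
    """Return (N, D) for primes p, q with 3*D = 1 mod (p-1)*(q-1)."""
    tot = (p - 1) * (q - 1)            # tot(N) for N = P*Q
    if gcd(E, tot) != 1:
        raise ValueError("3 must be relatively prime to (p-1)*(q-1)")
    return p * q, pow(E, -1, tot)      # modular inverse, Python 3.8+


def encrypt(x, n):
    return pow(x, E, n)                # x -> x^3 mod N


def decrypt(c, d, n):
    return pow(c, d, n)                # (x^3)^D = x mod N


def factor_by_trial_division(n):
    """Recover P and Q from an odd N. Practical only because N is tiny."""
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("no odd factor found")


def recover_d_from_n(n):
    """Whoever factors N can recompute D exactly as the key owner did."""
    p, q = factor_by_trial_division(n)
    return pow(E, -1, (p - 1) * (q - 1))


# Constructed sample values; both primes are 2 mod 3, so gcd(3, tot(N)) = 1.
P, Q = 1013, 2003
N, D = make_key(P, Q)
X = 123456

if __name__ == "__main__":
    c = encrypt(X, N)
    print("N =", N, "D =", D, "ciphertext =", c)
    print("round trip ok:", decrypt(c, D, N) == X)
    print("D recovered from N alone:", recover_d_from_n(N) == D)
```

    The round trip also holds for messages that share a factor with N (for example x = P), which is the "condition can be dropped" remark in the comment.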

  • If security is the only thing you've been missing from Mozilla, I'm glad for you. Java is STILL missing from it, though it's being worked on. For folks like me who use java applets all over the place, this is a show stopper. I've used PSM, and it's been fine where it's accepted. I'd be more interested if there was a declaration that the mail client would get gpg - then it would come close to matching an ie/outlook combo. Till then.... (sigh).
  • by tdrury ( 49462 ) on Wednesday September 20, 2000 @07:53AM (#767089) Homepage
    Finally, a Mozilla discussion so I can gripe about memory usage. For the record, I've never had a single complaint about Mozilla, etc. Here is my first.

    Running gtop reports a memory footprint of Mozilla (build 2000080712) of 169708k. I'm assuming this is counting resident, shared, and virtual. However, I can run VMWare running Win98 running IE5.5 and use only 120768k. What's up with that?

    What is Mozilla doing that it needs more memory than an OS, an OS virtualizer, and a browser?

    -tim
  • There is a significant difference between Daikatana and Mozilla which you seem to have overlooked. The difference is that I am using Mozilla right now. I couldn't get a full Daikatana version before they released it. I don't even have Netscape 4.x installed. Mozilla does everything I need. It's stable, it's at least as fast as Netscape 4.x, and it renders all the pages I have tried the way they should be rendered. I don't really know what you mean by full version release, but Mozilla is full enough for me right now.
  • by flatpack ( 212454 ) on Wednesday September 20, 2000 @03:32AM (#767091)

    It's great to see that the open source browsers can finally be used for "secure" use over the internet, but at the same time I'm wondering why they're using the now-public RSA encryption algorithm.

    I'm not an encryption expert, but surely it seems to me that any algorithm that has been released by a company into the public domain cannot be particularly secure, and indeed the RSA has been cracked already. RSA have obviously got something better up their sleeves, and why should open source products always lag behind their closed source counterparts when it comes to innovation?

    What we really need is to develop new encryption algorithms for our products rather than relying on the left-overs from commercial products.

  • I got an email that said the EFF is having fundraising cocktails in downtown Boston this evening to celebrate. 5:30 at the Harvard Club. $35 minimum requested donation. I'm going.
  • Nope, you're wrong. OpenSSH and Gnupg are open source and no one has managed to crack them. The reason is not that it isn't possible, but because both algorithms use keys significantly large to necessitate a fleet of machines years of churning to break the encryption.

    If you have the time, try cracking an encryption book, it's pretty cool stuff.


  • It probably has something to do with needing to speak https.

    --
  • Nobody has cracked RSA with 128-bit keys -- and for that matter nobody has *cracked* RSA, they've only done it through brute force key attacks!

    They did it with 40-bit quite a while ago on cheap hardware. 56-bit was done by distributed.net back in 1997. And they're still working on 64-bit. What you have to realize is that there are 2^128 (in base 10 that's 3.4 * 10^38) unique possibilities for the key - and only 1 of them will produce the correct decrypted data. It's going to take decades for the computing power to get to the point where that can be cracked in a sufficiently useful period of time (at least using silicon based computers and not some funky organic system).

    And to top it off there are plenty of newer, free, encryption algorithms - try Blowfish [counterpane.com] for one. We need RSA because everyone else in the world uses it... most of the https web servers out there don't speak anything else - OpenSSL/mod_ssl is a nice free exception to that.

  • I still can't stand how slow Mozilla runs on my dual-500! Think it's about time they released a version with all that debugging code ripped out. The slow UI is a big turnoff.

    I'm not trying to be snide or anything but I think that is a problem particular to your machine. I've been running the nightly builds as well as the "stable" releases for several months now. Debugging code or not, Mozilla is as fast on my machine (PII 366mhz Thinkpad 770Z) as any other similarly capable browser I've tried, including IE 5 and Netscape 4.7, and generally pretty stable. While I don't doubt it may be running slow on your machine, don't be so sure it is the debugging code.

    Personally the only real problems I have (besides some already documented bugs) are that it doesn't work with Acrobat reader properly and that sites that do secure banking refuse the connection. (and yes I have the SSL stuff installed) Other than that I use it for 90% of the web browsing I do and it generally works pretty well and is really quite fast. My experiences with it lead me to believe that people complaining about the slowness of it either have some compatibility issues unresolved or are using a very old build. (it was slow for me too at first) While it certainly isn't production code yet, it's getting close and getting there pretty quickly.

  • I assume you're trolling, but for the benefit of everyone else I'd just like to point at Twofish, a highly secure algorithm released royalty-free by the authors. Why did they do that? Simple. The reputation you gain from being known as the designer of a very-widely-used cypher is worth far more than the potential royalties from people licensing your cypher.

  • .. you just haven't been able to use it without royalties because of a patent.
    That patent is now expiring, without the possibility of a renewal, so RSA released the patent 2 weeks before the expiry. They wouldn't have made much money from it in such a short time, and so it was a PR stunt.
    They have kept it for 20 years(?) or so, and it is one of the most widely used algorithms for public key encryption.
    It is still quite good, and an algorithm being old does not necessarily equal bad quality. Some of the most regularly used algorithms were developed in the 60-70's.
    The RSA patent also has nothing to do with open source.
  • The biggest symmetric key that's been cracked is 64. It took months of work by a bunch of distributed computers. Cracking 128 would take 2^64 times as much effort.

    2^63, I think -- you've got an off-by-one error.

  • Mozilla doesn't support java, nor does it support the Java 1.3 plugin. I find this considerably lacking. Mozilla should eventually come with a web configurator of sorts that would allow people to configure the browser before they download it. As in, I want flash, java, and shockwave. I check them, and I download the browser with these things installed (be they plug-ins or otherwise) I doubt the plugin manufacturers would have much problem with this (unless they were Microsoft), and it could usher in a new wave of recent-java browsers.
  • by ssimpson ( 133662 ) <slashdot.samsimpson@com> on Wednesday September 20, 2000 @04:10AM (#767101) Homepage

    It's great to see that the open source browsers can finally be used for "secure" use over the internet, but at the same time I'm wondering why they're using the now-public RSA encryption algorithm.

    Because it's versatile, easy to implement and very well trusted. Oh, and it's free.

    I'm not an encryption expert, but surely it seems to me that any algorithm that has been released by a company into the public domain cannot be particularly secure

    Sorry, that's crap. The strength of RSA is built upon mathematics - how would a patent expiring change this in any way?

    Still, we previously could have used a combination of Elgamal and DSS to do the same as RSA, but all of the existing web servers running SSL and cert vendors (Verisign et al) all solely use RSA - they don't offer Elgamal/DSS certs.

  • I'm running the same thing on an NT 4.0 box with a footprint of 34300k. Perhaps you should re-examine your machine....

  • Strange,

    If I run top I see 'only' 35M memory use (Netscape uses 14M btw) for build 200091908.
    I have been using it every day for 3 weeks and am very happy with it (the latest nightly builds are getting pretty stable)
  • I'm using the Java plugin 1.3 and Java on build 2000080712 under NT 4.0 right now and it works just fine....I haven't tried it under Linux so I don't know if it's a porting issue.

  • If you throw a quantum computer at any sort of modern encryption it will be cracked in an instant, regardless of key length. A quantum computer tries all possibilities at once.
  • I've been using CSS2 constructs on my pages for ages now, and testing them in Mozilla. Granted, there are some things I can't do thanks to IE's broken (and much more incomplete) CSS2 support, but in particular I've found :before and :after to be quite safe.

  • Sorry, but I have to disagree with you. I've been using Galeon [sourceforge.net] and Mozilla [mozilla.org] nightly builds for the past two months and I can tell you that it's very very feasible to do all of your day to day browsing using either of those two systems.



    If you think Mozilla is too slow, then by all means, use Galeon. It's very fast. I trust you will be impressed by its speed of loading and rendering pages. I know I am.

  • Running gtop reports a memory footprint of Mozilla (build 2000080712) of 169708k. I'm assuming this is counting resident, shared, and virtual

    And I'm assuming you are seeing the sum of all threads... Top on Linux currently can't distinguish threads and processes.

    I read something about an extra field in the process-table being implemented for clone, so this might be fixed in 2.4.

    (Finally, a discussion where I can gripe about miserable support for pthreads on Linux :)

  • That has already been done, and it's called serpent. You can find more information about it here [cam.ac.uk].
  • I still can't stand how slow Mozilla runs on my dual-500!

    Think it's about time they released a version with all that debugging code ripped out. The slow UI is a big turnoff.

    -Pete
  • From a technical point of view, I have no idea how good RSA is, but I *do* know that RSA (the company) isn't "releasing" anything--their patent is expiring.
    --
    Linux MAPI Server!
    http://www.openone.com/software/MailOne/
  • Mozilla is not perfectly stable yet, but it's getting there. Right now the nightly builds (Linux) crash on me after about 2 hours of use.

    Compare this to a few months ago (every 5 minutes) and it is a vast improvement. I have downloaded other Netscape releases less stable than this. If you can't live with restarting your web browser several times a day now though, wait a few months before trying Mozilla out.

    There have been some significant bug fixes recently. The find on page feature now works when the page has frames, meaning I can now use Mozilla to browse the javadocs. Also textareas have gotten a lot more usable and stable recently.

    Most of the bugs that I am finding in the nightly builds are now regressions that are usually fixed within a day, so if something major isn't working in the build you download, try again in a couple days.
