Browser made secure in record time
Published: 08 Apr 1998 14:27 BST
In a single fifteen-hour stint, a team of Australian programmers smashed the US Government's encryption export restrictions by adding strong cryptography to the source-code version of Netscape'sbrowser.
It took the Mozilla Crypto Group under two hours to rebuild a working version of the program after receiving the source. Thirteen hours later, the standard Secure Sockets Layer (SSL) had been added and the resulting cryptographically secure system tested live on the Internet with existing servers.
The system, nicknamed Cryptozilla, uses the SSLeay library of non-American software: although the browser isn't yet in finished form, the writers report that the "most important first step has been taken". Executable files of the work in progress are available for a variety of platforms including Linux and Win32: these can be freely downloaded from the web site. The only restriction on them is that if a copy is downloaded in the US, it cannot then be exported.
Strong cryptography as implemented in Cryptozilla ensures beyond reasonable doubt that transactions made across the Web cannot be monitored or faked. The weakened version that the US Government allow for export merely makes it difficult to monitor or spoof a message, but has been shown to be insecure to a concerted attack.
Did you find this article useful?
41 out of 75 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
