OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Zar Cho (zar_choyahoo.com)
Date: Mon May 14 2001 - 10:59:35 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    OK, Fred, I found this article from MS Support:

    http://support.microsoft.com/support/kb/articles/q290/3/88.asp

    But I'm a bit confused, because it says:

    "SGC stands for Server Gated Cryptography. You will
    also see the term 'Global ID.' These terms are
    synonymous with VeriSign. What this type of
    certificate does is to allow 40-bit browsers to make
    128-bit connections. This type of certificate was
    needed due to export laws; before they were lifted for
    most countries..."

    And then:

    "...Please note that your browser, whether it is
    40-bit, 56-bit, or 128-bit, only connects at that
    level of cipher strength.
    Example
    If the site has a 128-bit certificate, and you have a
    56-bit browser, then you connect using 56-bit cipher
    strength... "

    Is there some difference between the connections
    mentioned in the first paragraph (128 bits allowed)
    and the later ones (not 128 bits allowed)?

    Isn't that confusing, or I need less coffee in the
    mornings?

    Thx

    ----------
    De: Collin, Frederic[SMTP:Frederic.CollinCCQ.ORG]
    Enviado el: Jueves 10 de Mayo de 2001 16:34
    Asunto: Re: Internet Explorer cipher strength

    No it is because the server uses an SGC (server gated
    cryptography)
    certificate which enables recent (MSIE 4.x+ or
    Netscape 4.x(?))
    international (40bit) browsers to have their
    Encryption strength
    elevated to 128 bit with specific servers.

    Thawte has an FAQ about SGC:
    http://www.thawte.com/support/server/supercert.html

    Fred Collin

    --- Zar Cho <zar_choyahoo.com> wrote:
    > Due to the fact that I don't live in the States, in
    > my
    > company we have IE 5 installed with 56 bits cipher
    > strength.
    > However, when I connect to a site, in the conexion
    > properties, it states:
    >
    > RC4 with 128 bit encryption (High); RSA with 1024
    > bit
    > exchange.
    >
    > Is this a bug? Is IE giving a sense of false
    > security
    > here, or am I missing something?
    >
    > Thanks
    >
    > __________________________________________________
    > Do You Yahoo!?
    > Yahoo! Auctions - buy the things you want at great
    > prices
    > http://auctions.yahoo.com/
    >

    __________________________________________________
    Do You Yahoo!?
    Yahoo! Auctions - buy the things you want at great prices
    http://auctions.yahoo.com/