New^W NOT in Kestrel #2: "Export"-grade encryption is junk(ed)
Monday, October 8, 2007 2:48:50 PM
There are several reasons for this move:
- 40 and 56-bit encryption methods are "soooooooo" last century. These methods were defined as a way for US based browser vendors to be able to distribute their SSL enabled client outside the US. The reason this was necessary is that the US government and several allies defined (and I believe still define) encryption as a weapon, but it was possible to get permission to export software that only supported 40 bit encryption (and later 56 bit) and that included a couple of other restrictions (there was an exception for financial services). The reason for the limitations was, presumably, that the intelligence communities of these countries had the technology needed to break these keys. In 1999/2000 the restrictions were partially lifted, at least for mass market products like browsers and email clients.
- 40 and 56-bit methods are dismally weak given today's technology. In mid-1998 56-bit DES was broken in less than a 56 hours, this was reduced to 24 hours less than half a year later. Given today's technology I expect that the same can be done in less than 30 minutes with enough hardware. And 40-bit can probably be broken in less than a second. What this means is that these methods no longer provide any protection at all.
- Any server that only supports these methods is more than 8 years old, which means the actual security of the server, even ignoring the lack of encryption strength, is .... questionable. To top it off, a number of Certificate Authorities sell "SGC" certificates that will permit most US produced and exported servers (and clients) to enable 128 bit encryption. These certificates were originally reserved financial institutions, but after the crypto export restrictions were lifted they have become available to all.
While I believe servers that only support 40/56 bit encryption are a bit more common, in absolute numbers (perhaps a few thousand), than SSL v2 servers, I can't remember hearing about any such sites for over a year, despite the fact the the methods have been disabled by default about that long in several browsers. That indicates that the servers are not visited by a lot of people, if any. I think it is time to signal quite clearly to the sites that may be left that the technology they are using is obsolete.
If you do encounter a "secure" site that require 40 or 56 bit encryption, what can you do? Well, I don't recommend it, but you can go back to Opera 9.2x and enable the weak ciphers. But before you do, perhaps you should ask the system administrator this question: "Why are you running the site with 8 year old software?"