If you do significant work with secure transactions over the Internet using Netscape Navigator, you might want to download version 1.12 of the popular Web browser, which patches a security loophole identified by Ian Goldberg and David Wagner, two U.C. Berkeley students, a little over a week ago. This version doesn’t incorporate any new features of the forthcoming Netscape 2.0, but allegedly fixes a problem that could allow savvy hackers to decipher Netscape-encrypted transactions in a relatively short amount of time (estimates range from a few seconds to a few hours per message, depending who you talk to).
Netscape was very fast to respond to the discovery and (correctly) points out this is still a potential problem since there are no known cases of it having been exploited. However, news of the problem made it all the way to The New York Times, The Wall Street Journal, and CNN, and one wonders if there wasn’t some pressure put on the company by nervous investors holding their brand-new (and over-valued) shares of Netscape stock.
Where to Find It — Netscape has released both a new version of Navigator and a patcher application to update 68K, fat, and PowerPC versions of Netscape 1.1 to version 1.12:
As usual, read the licence agreement and export restrictions before you download a copy. Netscape has seven FTP sites online right now, so if the URL above refuses connections, put the number 2 through 7 after "ftp" in the site names above to access a parallel site. Note some of the links to the Mac versions on Netscape’s own download pages are incorrect, since they point to version "1.22", which is correct for various versions of Windows, but not for Macintosh or Unix.
The Nature of the Problem — So what’s the fuss all about and should you be worried? The bottom line is that if you use Netscape to browse the Web and maybe buy the occasional book or CD, don’t break a sweat. Typical Internet users very rarely use the security features built into Netscape, and the Unix versions of Netscape Navigator are the ones most exposed to this problem. However, these events illuminate some interesting aspects of the technology behind online transactions.
The version of Netscape Navigator available for export uses a 40-bit "seed" to encrypt online transactions. An individual bit can have two values – the fabled 0 and 1 – so 40 bits allows 2^40 (about 1.1 trillion) possible combinations of bits that can be used for a seed. The idea is that these 40 bits are determined randomly – that is, it should be just as likely for one sequence of 40 bits to be used as any other sequence of 40 bits. Hence, clandestinely decrypting one of these transactions requires a hacker to use a "brute force" method (trying one combination of 40 bits after another in order) until they finally stumble across the correct sequence that allows them to decrypt the message.
Although testing up to 1.1 trillion combinations seems daunting to most folks, it’s considered barely adequate by people involved with computer security, and in light of the explosive increase in computing power over the last few years, they’re right. The not-for-export version of Netscape uses a considerably larger 128-bit key (allowing about 3.4^38 combinations) which is considered reasonably secure. However, 128-bit encryption keys are considered a munition by the U.S. government and, hence, cannot be exported. A 40-bit encryption key is the largest allowable under U.S. export law, so that’s what the exportable versions of Netscape use.
The problem with Netscape is not that Ian and David found some new algorithm to quickly break all 40-bit encryption schemes; instead, they found a problem with the way Netscape "randomly" determines the 40 bits it’s going to use for the key. Some intelligent guesswork based on the time and process attributes of the Netscape application resulted in a substantially fewer than 1.1 trillion possible combinations of keys, making a brute force test of the remaining combinations much more practical. Ian and David claim to have determined the key used for transactions within as little as 25 seconds on a high-end machine; furthermore, once you have a valid key, determining the keys used for subsequent transactions is apparently rather simple.
Netscape has determined the problem will also affect the 128-bit version of its encryption scheme (although it still remains considerably harder to break); however, perhaps more significant is how the problem may affect users of the Netscape Commerce Server product. With the Commerce Server, it may not be simply a matter of installing a software update; users may have to generate and validate new digital signatures using the updated software. Netscape has had little to say about this possibility, save that it will issue a patch for Commerce Server customers.
Security Through Obscurity — Netscape claims this key-generation problem does not affect its Secure Sockets Layer (SSL) or other encryption technologies, but – at the moment – there’s simply no way to know for certain if this or other problems might impact those features. In its public response to this problem, Netscape announced it will begin consulting with a group of external security experts to validate its solution to this problem, and "to work with Netscape’s internal security experts to review the design and implementation of security in Netscape’s products and to provide an additional measure of assurance that these products implement the highest levels of security possible."
It seems to me that what’s most important about this statement is what’s not said: it implies that previously Netscape has not been consulting with external experts, and is only doing so after a problem was uncovered. When one considers the sheer number of client and server products Netscape develops, the nature of the security features they implement, and the length of those products’ development cycles, there would seem to be a possibility that other, as-yet-undiscovered problems exist. For security software to be considered reliable, it seems reasonable that it should be subjected to wide-ranging, detailed scrutiny.
Although Netscape seems to be taking these issues seriously, their statement also makes no mention of whether it will supply these security experts with details of its security implementations. Releasing detailed information might seem counter-intuitive – after all, you don’t give a thief the combination to a safe then see if that thief can open it. However, without releasing that information (even to trusted "external experts" rather than the general public), Netscape is relying on "security through obscurity" – basically assuming that if no one knows how their security software works, no one will be able to compromise it.
It’s worth noting that security algorithms don’t have to be secret to be effective – the methodology behind DES encryption has been well-known for years, and recently t-shirts have been appearing with "munitions-grade" encryption schemes printed on them. By failing to make their security mechanisms available for scrutiny, users and customers must decide whether they trust Netscape when it says its software is secure. In light of last week’s events, that question is probably on a lot of people’s minds.
Mountains and Molehills — Again, it should be emphasized this particular problem does not impact the vast majority of Netscape users, and the odds of anything bad happening even if you are affected are pretty darn low. Also, Netscape’s response to the problem was rapid and public, which is more than can be said for most software companies faced with issues of this nature. Still, combined with popular paranoia about computers and the Internet, these events make clear that online security and transactions are now a headline issue.