A new NT 4.0 security hole, and a workaround
Two days later another user, Hector Isias, posted this workaround:
See  for first-day coverage from the premier crypto conference. Aaron Burns, the recently appointed government "crypto czar" (he hates the term -- "I'm mindful of what happened to the real czar," he says), entered the lions' den and got points for showing up, though he simply reiterated the Administration's line on key recovery. Burns was preceded on the program by separate teleconferenced appearances from House and Senate lawmakers who promised to reintroduce legislation to ease crypto export (it stalled last term).
This is why you should use a longer key
Yesterday RSA posted the target cyphers in its new challenge (see TBTF for 1997-01-11) and the simplest, the 40-bit puzzle, was broken 3-1/2 hours later. Ian Goldberg, a UC Berkeley graduate student, announced that he had used about 250 idle machines in the university network to test 100 billion possible keys per hour. The challenge message, once deciphered, read "This is why you should use a longer key." Goldberg wins $1000 from RSA for the quick accomplishment. He is one of the grad students who in 1995 found a Netscape flaw and cracked their 40-bit encryption in under a minute. Goldberg is also signed up as the instructor for the week-long intensive crypto workshop that precedes the Financial Cryptography 97 conference next month on the Caribbean island of Anguilla.
NIST calls for a new government crypto standard
The National Institute of Standards and Technology has requested a new encryption algorithm to replace the Data Encryption Standard, DES. The new standard is to be called the Advanced Encryption Standard (AES). It must be a public, symmetric block cipher with a flexible key length, implementable in hardware or software, and free from patent restrictions. The NIST request reflects the marketplace's rejection of the Skipjack algorithm, which was implemented in the Clipper chip. A separate NIST advisory committee made up of government officials and supporters of key escrow is developing a "key management infrastructure" that would be used with AES.
Encrypted email coming for Scandinavia / Finland
It was as if an invisible hand wrote these events on the same page. An alliance of Finland, Norway, Sweden, and Denmark plans to introduce a smartcard-based secure email service that will be available to all citizens of these countries. It will use PGP-based RSA encryption with a key length of 1024 bits, and no key escrow or key recovery. A Finnish official said, "Finnish policy has not been to start with regulations and fear of Net issues. The American discussion on this matter has been funny to watch, but I hope nobody in Europe or Finland starts to question the very basics of democracy."
Early in 1996 David Milligan founded VanityMail, which he claims was the first such operation to offer customized addresses, POP service, and lifetime forwarding. Milligan joined forces last year with Gary Millin at GlobeComm. The company is funded by private Wall Street capital and does not disclose earnings. In an interview with Millin and Milligan I asked whether GlobeComm had ever been sued over domain-name issues. Millin responded that the company has been involved in over 40 disputes, but that none has ended up in court. They are all either resolved or the complainant simply faded away when GlobeComm didn't cower at receiving a cease-and-desist order from a lawyer. "I've got a file cabinet full of them," Millin said.
> SYSTRAN Software, Inc. has made available an experimental
> (alpha-release) web page translation service that will translate
> non-framed pages of 10K or less for any URL you submit (be sure to
> understand what "fully qualified URL" means before you begin),
> from its original language to another for selected languages.
> At present, 6 languages (French, German, Italian, Portuguese,
> Spanish, and Russian) are available, though the language
> translated from or to is always English. Translation times can take
> from 30 seconds to 3 minutes or longer, and translations (as
> might be expected) are at times somewhat wooden. This is an
> experiment that could foreshadow the hoped-for ideal translation
> services of the future. Note that Netscape and Internet Explorer
> are the only browsers that are fully supported.
Unfortunately the intrepid Internet Scout may have dealt a mortal blow to SYSTRAN, in the same way that a critic can ruin a good, undiscovered restaurant by reviewing it favorably. I finally got TBTF's Jargon Scout page translated into Spanish -- see the result ("Explorador De la Jerga") here. This success followed 19 attempts at all hours of the day and night over the preceding four days. Some of them timed out (taking up to 30 minutes) and some returned "Document contains no data." That's one overloaded translation server.
> Then, as now, there were many innovators, experimenters, and
> competing factions that included national governments. It was
> possible to communicate freely with other individuals worldwide
> with a small investment of time and money. And the big companies
> wanted to control it all for themselves.
Among the many undocumented things Navigator will tell you about are these two useful ones, turned up by Aaron Breckenridge <dbr056 at airmail dot net>:
The global history is everything you've ever visited; it's how Navigator knows to render a link in the "visited" color. If you're a packrat, as I am, go to Options > General Preferences > Appearance and set "Followed Links Expire" to "Never." Your history file can grow very large if you do this. Mine was 2.8 MB when I asked Navigator about it. The program took a very long time to run out of memory, even after I had granted it 50 MB to play in, and on the Mac at least it can't be interrupted while doing so.
We'll give the last word to Mozilla, the mythical Godzilla-like creature who is Netscape's totem. (I had always assumed that the name derives from "Mosaic gorilla," 900-pound variety; but reader Alejandro Gomez <nezumi at aurora dot teesa dot com> supplied the more reasonable guess that Mozilla's parents are Mosaic and Godzilla. Recall that the original name of the corporation now called Netscape was Mosaic Netscape Communications.)
> And the beast shall come forth surrounded by a roiling cloud of
> vengeance. The house of the unbelievers shall be razed and they
> shall be scorched to the earth. Their tags shall blink until the
> end of days. -- The Book of Mozilla, 12:10
There are two kinds of people on the Net: those who don't see anything wrong with blinking text and animated .GIFs and those who can't abide them. It's a religious issue. The divide that cleaves the two camps is their answer to the following question:
Thanks to Keith Bostic <bostic at bsdi dot com> for the eggfest.
I recently had the disorienting experience of reading TBTF as it arrived in the email of an AOL subscriber. The default AOL mailer font is proportionally spaced. So for all you AOL subscribers who have been wondering about the meaningless jumble of characters at the beginning of each issue: it's a pair of lips rendered in Ascii characters and intended for monospaced display -- a quaint example of a soon-to-be-forgotten art. Set the mailer's font to Courier; or read TBTF on the Web, you betta' off.
This issue marks the 100th published TBTF. Raise a glass with me.
E.Commerce Today -- this commercial publication provided background information for some of the pieces in this issue of TBTF. For complete subscription information see <http://www.tbtf.com/resource/e.commerce-today.txt>.
Scout Report -- mail firstname.lastname@example.org without subject and with message: subscribe scout-report. Web home at <http://rs.internic.net/scout/index.html>.
NetSurfer Digest -- mail email@example.com without subject and with message: subscribe nsdigest-html /or/ subscribe nsdigest-text. Web home at <http://www.netsurf.com/>.
TBTF alerts you weekly to bellwethers in computer and communications technology, with special attention to commerce on the Internet. Published since 1994. See the archive at <http://www.tbtf.com/>. To subscribe send the message "subscribe" to firstname.lastname@example.org. TBTF is Copyright 1996 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use prohibited. For non-commercial purposes please forward and post as you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.