home :: mark :: c2net-press :: 19970505
This is a copy of the C2Net Press Release from 05 May 1997
C2Net President Sameer Parekh Rejects Weak Keys, Back Doors.
Oakland, CA - C2Net Software, Inc. annouced today the worldwide
availability of Stronghold 2.0, a major upgrade to their secure web
server based on Apache. With this release, Stronghold has added more
functionality than ever, including uncompromised security, web-based
configuration, and new protocol support.
"The Stronghold web server -- like all C2Net products -- supports
full-sized keys, and will never support government back doors," said
C2Net president Sameer Parekh. "We have development teams around the
globe working on our products, free from US export control
policy. Even if some of these countries cave in to US demands, we'll
still be able to produce first-rate, uncompromised security products."
Others Use Compromised Security
In a recent announcement, Netscape Communications announced plans to
include government back doors in their products. "By implementing this
so-called 'key recovery', Netscape is getting a small increase in key
length in exchange for putting your keys in the hands of the
government," said Parekh. "This the same government that hired Aldrich
Ames, the same goverment that has IRS employees surfing taxpayer
databases at will. What do you think is going to happen to your keys?"
According to cryptography expert Bruce Schneier, "There is absolutely
no business case for key recovery. Any benefit you get from longer key
lengths is offset by the enormous security risk of concentrating keys
in a few hands."
Current "export" versions of Netscape and Microsoft web servers use a
weak 40-bit cipher that can be broken in hours by any bored systems
administrator or college student with access to a few hundred idle
machines. By comparison, all C2Net software can use at least 128-bit
To understand this difference, imagine that the hundreds of computers
needed to crack a 40 bit key in a few hours were compressed into a
cube an inch on a side, and you built a computer the size of the Earth
out of these cubes, it would still take this computer more than four
times as long to crack a 128 bit key. It's easy to find a few hundred
computers idle at any medium-sized business or university; Earth-sized
computers are still relatively uncommon.
Stronghold Gaining Market Share
In several recent surveys, Stronghold has emerged as a leading
contender in the web server market. An O'Reilly and
Associates/Netcraft survey of secure web servers in use on the
Internet found that Stronghold was second only to Netscape. The
monthly Netcraft survey of all web servers on the Internet has
indicated for some time that Stronghold is also the second most
popular commercial web server for the Unix platform.
"We've been steadily gaining market share," indicated Parekh, "and to
a great extent it's due to our firm stand that we won't sell
deliberately weakened security products to our customers."
Features in Stronghold 2.0
"We've redesigned the security interfaces and built on the new Apache
1.2 code base," commented Mark Cox, Stronghold product manager at UK
Web. "Stronghold has had many productivity and performance
enhancements and it is now fully compliant with the new HTTP/1.1
standard." The HTTP/1.1 standard is a significant update to HTTP/1.0,
the protocol that governs how web browsers and web servers
HTTP/1.1 brings many new features to the table, including improved
content and language negotiation, improved persistent connections, and
better recovery from interrupted transfers. (For more information on
HTTP/1.1, see http://www.apacheweek.com/features/http11)
Stronghold 2.0 also includes a web-based configuration manager,
allowing web administrators to securely administer their sites from
the web browser of their choice. "We've had a lot of requests for this
feature as Stronghold has grown in popularity," said Douglas Barnes,
C2Net Vice President.
On the security front, the new release includes support for Secure
Sockets Layer (SSL) version 3, which provides stronger security and
more flexibility in choosing ciphers.
UK Web Limited is a leading Internet services company specialising in
server technology, Internet security, business solutions and effective
C2Net is the leading worldwide provider of uncompromised network
Netscape Navigator and Netscape Enterprise are trademarks of Netscape
Communications Corporation. Microsoft Internet Explorer and Microsoft
Internet Information Server are trademarks of Microsoft Corporation.
Stronghold and SafePassage are trademarks of C2Net Software, Inc.
Portions of Stronghold were developed by the Apache Group, and were
taken with permission from the Apache Server http://www.apache.org/.
Stronghold also includes software developed by Eric Young