[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Stronghold, revisited

To: tz <[email protected]>
Subject: Stronghold, revisited
From: [email protected] (Greg Broiles)
Date: Sun, 28 Jul 2013 21:54:28 -0700
Cc: [email protected]
In-reply-to: <CAFv7OiifAa2YhwjaqyKQ5-w707a05=oQeiQwv7eSrY6ei219pQ@mail.gmail.com>
References: <CAFv7OiifAa2YhwjaqyKQ5-w707a05=oQeiQwv7eSrY6ei219pQ@mail.gmail.com>

On Sun, Jul 28, 2013 at 2:16 PM, tz <[email protected]> wrote:

> For those who are too young to remember, during the "crypto is munitions"
> period where the source to strong crypto needed to be sent via FAX,
> Stronghold was a proxy that would take ordinary sessions (or I assume 40
> bit - yes, 40 bit, that was "export" strength) crypto on the browser end
> and transform it to the maximum strength on the remote end.

That was C2Net's SafePassage product, Stronghold was an Apache-based
webserver capable of strong crypto SSL.

That seems like a nice idea for today - get a router running DD-WRT or a
Raspberry Pi or similar to proxy all SSL connections and enforce the use of
PFS, watch for CA hijinks, and otherwise make a hard shell around the soft
Windows computers at the center. See, e.g.,
http://translate.google.com/translate?hl=en&sl=de&tl=en&u=http%3A%2F%2Fwww.heise.de%2Fct%2Fartikel%2FMicrosofts-Hintertuer-1921730.html

-- 
Greg Broiles
[email protected] (Lists only. Not for confidential communications.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20130728/eddf9910/attachment.html>

References:
- Stronghold, revisited
  - From: [email protected] (tz)

Prev by Date: Urea at NSA Utah Data Center
Next by Date: Urea at NSA Utah Data Center
Previous by thread: Stronghold, revisited
Next by thread: Redecentralize podcast on the Cryptosphere
Index(es):
- Date
- Thread