The huge last-minute agreement on trade relations between the United Kingdom and the European Union has been finalized. However, some security researchers They get some weird aspects The agreement includes 23-year-old Netscape Communicator software as well as older encryption standards.
Several regulations have been made between countries regarding the encryption and sending of messages containing DNA information. The information that a specific set of encryption protocols must use.
As an extension of the standard SMTP the open s / MIME template will be used to encrypt messages with DNA profile information. The S / MIME (v3) protocol allows for signed receipts, security labels, and secure mailing lists. The underlying certificate used by S / MIME must comply with standard X.509.
The processing rules for S / MIME encryption are as follows:
- The sequence of tasks is: first encryption then signature
- AES (Advanced Encryption Standard) encryption algorithm applies to 256-bit keys and RSA 1024-bit symmetric and asymmetric encryption
- The SHA-1 hash algorithm is applied
S / MIME functionality is integrated into the vast majority of modern e-mail software packages such as Outlook, Mozilla Mail and Netscape Communicator 4.x, and works between all major e-mail software packages.
This will have an impact on companies in the European Union or the UK. Netscape Communicator is cited as just one example that supports s / MIME. However, the use of older encryption standards is slightly more worrisome, as the Hackaday website states that the SHA-1 hash algorithm has almost been broken since 2017, while 1024 bit RSA encryption is vulnerable to force attacks by powerful computer users.
As the BBC points out, the same text appears in a 2008 EU document indicating that lawmakers have used older material for the new 1256-page treaty and may not have read it very carefully is. As Professor Bill Buchanan (one of the first people to notice older material) commented, the text looks like a classic copy / paste and without adequate understanding of technical details.
Now some will say why the European Union considered Netscape Communicator 4 a useful application in 2008, when it was last updated in 2002. It is very possible that the 2008 text also borrows from the older part, when Netscape was still relevant. Of course, none of the above would reverse the situation between the European Union and the UK. In any case, because we’re talking about a great deal with a big impact, it would be nice if they were based on something a little more modern than Netscape Communicator 4, at least as far as DNA results exchange. To provide.
