On Friday, C2Net Software Inc., in conjunction with UK Web, will release SafePassage, the first commercial product to bring to the Web extremely strong cryptographic technology that can be sold outside of the United States. And SafePassage is not alone. Another group of programmers is also developing a freely distributable implementation of IPsec, a method of strongly encrypting all Internet traffic between networks.
SafePassage will run as a proxy on all Microsoft Windows platforms. It works in conjunction with any Web browser that supports SSL, a low-grade exportable encryption scheme, including current versions of Netscape Navigator and Microsoft Internet Explorer.
The proxy resides on a user's PC and intercepts weakly encrypted SSL connections. It then re-encrypts them with a very strong algorithm. "The weak connection never leaves your PC," explains Sameer Parekh, C2Net's 22-year-old president. Standard (non-SSL) Web traffic is unaffected and goes out in the clear.
The product will operate with any SSL-aware Web server, including C2Net's own Stronghold, which is also being developed overseas so it can be sold worldwide. SafePassage is being marketed to multinational companies. These companies can use the product to set up internal Web sites scattered across the globe and feel secure that their data is available only to their employees and is secured against third-party interception while in transit between hosts.
SafePassage is capable of using a number of different cryptographic algorithms (also known as ciphers), including 128-bit RC4, 56-bit DES (Data Encryption Standard, pronounced "dez," developed by IBM in the 1970s), 3DES (triple DES, using three individual 56-bit keys), and RSA with key pairs of arbitrary length. In the future, it will also support 128-bit IDEA. With the exception of DES, all of these ciphers are considered to be essentially unbreakable using current technology.
Under recently restructured US Commerce Department regulations, cryptographic technology utilizing keys longer than 56 bits may not be exported from the US. However, SafePassage is being developed entirely in several undisclosed overseas countries.
SafePassage is shipped by a company based in Anguilla that manages the development and owns the intellectual property rights. "The US cryptographic export policy tells us to export jobs, not crypto," says Douglas Barnes, the product manager for SafePassage. "We are following that policy."
Also following that policy are the members of the Linux Free SWAN (Secure Wide-Area Network) project. This loosely knit group of international cryptographers is developing an implementation of IPsec for Linux and other BSD-based Unix platforms. The project is grounded in John Gilmore's SWAN project, an ambitious attempt to secure much of today's Internet from wiretapping.
The SWAN project (which is still in testing) works by having a dedicated server sitting near your outgoing router. Outgoing packets are opportunistically encrypted. This means that if you are communicating with a network that also has a SWAN-aware server near the router, all of your packets will be transparently encrypted while in transit between the two machines. It encrypts everything, not just Web traffic.
IPsec for Linux is being developed primarily in Greece by John Ioannidis (who bears a striking resemblance to Phil Zimmermann, the author of PGP), with help from a number of other overseas Linux programmers. The current (alpha) version is freely available, with full source code, from John's distribution site.
SafePassage is free for noncommercial, educational, and personal use. Commercial licenses will cost US$49 per user, with discounts available for bulk purchases. An evaluation copy can be downloaded from UK Web.