The last-minute agreement on trade relations between the United Kingdom and the European Union has been finalized. However, some security researchers They found some strange aspects The agreement includes 23-year-old Netscape Communicator software and outdated encryption standards.
Numerous regulations refer to the encryption and transmission of messages containing DNA information between countries. Information on the use of specific encryption protocols.
The OpenS / MIME template will be used as an extension of the standard SMTP to encrypt messages containing DNA profile information. The s / MIME (v3) protocol allows for signed receipts, security labels, and secure mailing lists. The basic certificate used by S / MIME must be in accordance with X.509.
The processing rules for S / MIME encryption are as follows:
- Order of functions: first encryption and then signature
- AES (Advanced Encryption Standard) encryption algorithm with 256-bit key and RSA 1024-bit is used for symmetrical and asymmetric encryption.
- The SHA-1 hash algorithm was applied
S / MIME functionality is integrated into modern e-mail software packages such as /tlouk, Mozilla Mail, and Netscape Communicator 4.x, and works with all major e-mail software packages.
Its real impact on companies in the European Union or the UK may be small. Netscape Communicator is cited as an example that supports S / MIME. However, the use of outdated encryption standards is less worrying, as the Hackday website points out that the SHA-1 hash algorithm has been virtually broken since 2017, while 1024-bit RSA encryption is under brutal attack by powerful modern computers.
As the BBC points out, similar texts can be found in the 2008 European Union document, which indicates that lawmakers used old materials for the 1256-page New Testament and did not read it very carefully. As Professor Bill Buchanan (one of the first to notice the old material) commented, the text looks like a classic copy / paste, without a sufficient understanding of the technical details.
Some will now say why the European Union considered Netscape Communicator 4 when it was last updated in 2002 as a useful application in 2008. While the 2008 text Netscape is still relevant, it is possible to borrow parts from the old one. Of course, none of the above will change the situation between the EU and the UK. Anyway, since we’re talking about a big deal, it’s better if it’s based on something a little more modern than Netscape Communicator 4, at least for the transfer of DNA results.