C2Net

C2Net was an Internet cryptography company founded by Sameer Parekh, which was sold to Red Hat in 2000. It was best known for its Stronghold secure webserver software.

Community ConneXion

C2Net started out in 1994 as Community ConneXion, [1] [2] an Internet Privacy Provider, similar to an "Internet Service Provider", that provided customers with anonymous Internet services ranging from dialup access to email accounts. Community ConneXion implemented the first double-blind anonymous mail forwarding service, also known as a "nym server", [3] [4] [5] [6] and was the company that commercialized the Anonymizer before selling it to Lance Cottrell's Anonymizer Inc.

Products: Stronghold and Safe Passage

After seeing a demand for an Apache-based SSL-capable web server, Sameer Parekh developed the first version of Stronghold by plugging together Apache with SSLeay, Apache-SSL, and a commercially licensed RSAref. The product was wildly successful but the company was unwilling to compromise security to get an export license for its products. Thus, C2Net purchased UKWeb, an Apache consultancy in Leeds, which independently re-engineered the Stronghold product (without RSAref) for the international market. This made C2Net the first American company to be capable of providing strong encryption solutions to a worldwide market.

Eventually C2Net hired the SSLeay developers Eric Young and Tim Hudson [1] in Brisbane, Australia to develop more encryption products. C2Net's relationship with RSA Data Security, Inc. was rocky because C2Net was using unlicensed versions of RC4, RC2, and other RSA algorithms (rather than a version licensed from them directly), which made it possible to develop a full strength version of Stronghold outside of the United States. Eventually, C2Net and RSA Data Security, Inc. resolved their differences, and C2Net purchased a patent license for RSA and a license to use RC4 and RC2 within the United States. During merger negotiations between RSA and C2Net, RSA hired C2Net's Australian team and set up their own overseas development effort in Australia in order to produce the BSAFE-SSL product for worldwide sales. Other companies began to emulate this development strategy and the United States government subsequently relaxed restrictions on export of cryptographic technology.

C2Net also offered SafePassage client-side products, including a web proxy and a Virtual Private Network (VPN). [7]

Hosting the first ApacheCon

In October 1998, C2Net and the Apache Project hosted the first ApacheCon conference. [8] [9] [10]

New CEO and Sale to Red Hat

After losing the Australian office, C2Net focused primarily on selling and supporting Stronghold and hired a new CEO, Bill Rowzee. He brought the company back to profitability, and as the RSA patent was due to expire in 2000, they shifted the company's strategy to focus primarily on support. Finally, they sold the company to Red Hat in 2000 for around $42.7 million. [11] [12]

Related Research Articles

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

Public-key cryptography: Cryptographic system with public and private keys

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.

In cryptography, RC4 is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used. Particularly problematic uses of RC4 have led to very insecure protocols such as WEP.

RC6: Block cipher

In cryptography, RC6 is a symmetric key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard (AES) competition. The algorithm was one of the five finalists, and also was submitted to the NESSIE and CRYPTREC projects. It was a proprietary algorithm, patented by RSA Security.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

RSA Security: American computer security company

RSA Security LLC, formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company with a focus on encryption and encryption standards. RSA was named after the initials of its co-founders, Ron Rivest, Adi Shamir and Leonard Adleman, after whom the RSA public key cryptography algorithm was also named. Among its products is the SecurID authentication token. The BSAFE cryptography libraries were also initially owned by RSA. RSA is known for incorporating backdoors developed by the NSA in its products. It also organizes the annual RSA Conference, an information security conference.

OpenSSL: Open-source implementation of the SSL and TLS protocols

OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

NTRU is an open-source public-key cryptosystem that uses lattice-based cryptography to encrypt and decrypt data. It consists of two algorithms: NTRUEncrypt, which is used for encryption, and NTRUSign, which is used for digital signatures. Unlike other popular public-key cryptosystems, it is resistant to attacks using Shor's algorithm. NTRUEncrypt was patented, but it was placed in the public domain in 2017. NTRUSign is patented, but it can be used by software under the GPL.

SSLeay is an open-source SSL implementation. It was developed by Eric Andrew Young and Tim J. Hudson as an SSL 3.0 implementation using RC2 and RC4 encryption. The recommended pronunciation is to say each letter, s-s-l-e-a-y; it was first developed by Eric A. Young ("eay"). SSLeay also included an implementation of DES from earlier work by Eric Young, which was believed to be the first open-source implementation of DES. Development of SSLeay unofficially mostly ended, and volunteers forked the project under the OpenSSL banner, around December 1998, when Tim and Eric both commenced working for RSA Security in Australia.

Data Protection Application Programming Interface (DPAPI) is a simple cryptographic application programming interface available as a built-in component in Windows 2000 and later versions of Microsoft Windows operating systems. In theory, the Data Protection API can enable symmetric encryption of any kind of data; in practice, its primary use in the Windows operating system is to perform symmetric encryption of asymmetric private keys, using a user or system secret as a significant contribution of entropy. A detailed analysis of DPAPI inner-workings was published in 2011 by Bursztein et al.

Network Security Services: Collection of cryptographic computer libraries

Network Security Services (NSS) is a collection of cryptographic computer libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the server side and hardware smart cards on the client side. NSS provides a complete open-source implementation of cryptographic libraries supporting Transport Layer Security (TLS) / Secure Sockets Layer (SSL) and S/MIME. NSS releases prior to version 3.14 are tri-licensed under the Mozilla Public License 1.1, the GNU General Public License, and the GNU Lesser General Public License. Since release 3.14, NSS releases are licensed under GPL-compatible Mozilla Public License 2.0.

Sameer Parekh is the founder of C2Net Software, Inc.

Moxie Marlinspike: American entrepreneur

Moxie Marlinspike is an American entrepreneur, cryptographer, and computer security researcher. Marlinspike is the creator of Signal, co-founder of the Signal Technology Foundation, and served as the first CEO of Signal Messenger LLC. He is also a co-author of the Signal Protocol encryption used by Signal, WhatsApp, Google Messages, Facebook Messenger, and Skype.

A cipher suite is a set of algorithms that help secure a network connection. Suites typically use Transport Layer Security (TLS) or its now-deprecated predecessor Secure Socket Layer (SSL). The set of algorithms that cipher suites usually contain include: a key exchange algorithm, a bulk encryption algorithm, and a message authentication code (MAC) algorithm.

Mbed TLS is an implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. It is distributed under the Apache License version 2.0. The website states that Mbed TLS aims to be "easy to understand, use, integrate and expand".

wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers. It is an open source implementation of TLS written in the C programming language. It includes SSL/TLS client libraries and an SSL/TLS server implementation as well as support for multiple APIs, including those defined by SSL and TLS. wolfSSL also includes an OpenSSL compatibility interface with the most commonly used OpenSSL functions.

The Transport Layer Security (TLS) protocol provides the ability to secure communications across networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.

The OpenBSD Cryptographic Framework (OCF) is a service virtualization layer for the uniform management of cryptographic hardware by an operating system. It is part of the OpenBSD Project, having been included in the operating system since OpenBSD 2.8. Like other OpenBSD projects such as OpenSSH, it has been ported to other systems based on Berkeley Unix such as FreeBSD and NetBSD, and to Solaris and Linux. One of the Linux ports is supported by Intel for use with its proprietary cryptographic software and hardware to provide hardware-accelerated SSL encryption for the open source Apache HTTP Server.

Bullrun (decryption program): Code name of a decryption program run by the NSA

Bullrun is a clandestine, highly classified program to crack encryption of online communications and data, which is run by the United States National Security Agency (NSA). The British Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the Bullrun classification guide published by The Guardian, the program uses multiple methods including computer network exploitation, interdiction, industry relationships, collaboration with other intelligence community entities, and advanced mathematical techniques.

Dell BSAFE, formerly known as RSA BSAFE, is a FIPS 140-2 validated cryptography library, available in both C and Java. BSAFE was initially created by RSA Security, which was purchased by EMC and then, in turn, by Dell. When Dell sold the RSA business to Symphony Technology Group in 2020, Dell elected to retain the BSAFE product line. BSAFE was one of the most common encryption toolkits before the RSA patent expired in September 2000. It also contained implementations of the RCx ciphers, with the most common one being RC4. From 2004 to 2013 the default random number generator in the library was a NIST-approved RNG standard, widely known to be insecure from at least 2006, containing a kleptographic backdoor from the American National Security Agency (NSA), as part of its secret Bullrun program. In 2013 Reuters revealed that RSA had received a payment of $10 million to set the compromised algorithm as the default option. The RNG standard was subsequently withdrawn in 2014, and the RNG removed from BSAFE beginning in 2015.

References

  1. "About C2Net". c2.net via Internet Archive. Archived from the original on December 10, 1997. Retrieved August 30, 2017.
  2. "COMMUNITY CONNEXION Trademark - Serial Number 75102524 :: Justia Trademarks". justia.com. Retrieved August 30, 2017.
  3. "First Monday: Prospects for Remailers". Archived from the original on 2008-05-17. Retrieved 2017-08-31.
  4. The Anonymizer
  5. 5.01: Scans
  6. "Community Connexion announces worldwide beta-test of The Anonymizer". awe.com. Archived from the original on 2017-08-31. Retrieved August 30, 2017.
  7. "C2Net Products". c2.net via Internet Archive. Archived from the original on December 10, 1997. Retrieved August 30, 2017.
  8. Bowen, Rich (November 4, 2012). "ApacheCon EU". drbacchus.com. Retrieved August 31, 2017. "In 1998, there was an event called ApacheCon, in San Francisco, hosted by CNet, but that was before the Apache Software Foundation was formed." -- Rich Bowen, Vice President of Conferences, Apache Software Foundation.
  9. "Announcing ApacheCon '98 - the conference dedicated to the Apache Web Server". awe.com. Archived from the original on 2011-07-06. Retrieved August 31, 2017.
  10. "ApacheCon '98 - Official Home Page". apachecon.com via InternetArchive. Archived from the original on December 2, 1998. Retrieved August 31, 2017.
  11. "Red Hat Completes C2Net Aquisition [sic] for Approximately $42.7 Million". redhat.com. Retrieved August 30, 2017.
  12. Shankland, Stephen (January 2, 2002). "Short Take: Red Hat completes acquisition of C2Net - CNET". CNET. CBS Interactive. Retrieved August 30, 2017.