httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <>
Subject Re: (fwd) SSL Challenge - broken!
Date Tue, 22 Aug 1995 08:45:41 GMT
> On Thu, 17 Aug 1995, Roy Fielding wrote:
> > 
> > I don't see what the surpise is either -- 40bit keys are meant
> > to be broken.
>     Anyone who doesn't use 128-bit keys for truly sensitive data is
> asking for trouble anyway.  

Well, I've been told that without a green card (I'm a Brit in the US),
I'm not even allowed to use the 128-bit stuff under US law.

Even if I wanted to use my credit card over the net, I couldn't do it
with confidence.

> Besides, the amount of CPU power needed to
> break just that one 40-bit encrypted transaction is far beyond the
> reach of most people.  

...trouble is, crackers have access to much more computing power than
is required. When they broke into our machines a few months back, they
had access to lots of powerful machines, and they could have attacked
one of the most powerful machines in the world if they'd had more time -
maybe they did attack it - we just down know.


View raw message