On Thursday 20 December 2001 14:58, you wrote:

I urge you strongly to advise against that. Although it might be possible to 
downgrade your encryption to 40-bit, I'd like to make you aware of the fact 
that DES, which is 56-bit encryption if I'm not mistaken, was cracked several 
times by brute force in UNDER 22 hours by the distributed.net people 
(www.distributed.net). Therefore I would NOT consider 40-bit encryption safe 
and I feel obligated to make you aware of that. You are warned now :-) so do 
as you please.

Kind regards,

Ferry van Steen

PS I'm also on distributed.net's mailing list. I once asked why it wouldn't 
be safe then, since distributed.net has a huge load of processing power due to 
the number of people that participate. Apparently it's fairly easy for a lot 
of companies/governments/etc. to EASILY!! match that computational power.


> Hi,
> Bit off topic this, but I thought I'd ask anyway...
>
> I've been implementing a financial reporting system, in PHP, which will be
> running on the internet.
>
> Obviously, therefore, security is an issue. The system itself implements a
> username/password login system, but I want to be able to run it using SSL
> for obvious reasons.
>
> My problem is this: The server we have (Red Hat 7.0, Apache 1.3.14-3,
> open-ssl 0.9.5a-14, mod_ssl 2.7.1-3) came with ssl preconfigured and ready
> to use. It runs at 128 bit encryption which is fine as far as I'm
> concerned.
>
> The people who will be using the system, however, have a company standard
> browser which is IE 4 and only supports 40 bit encryption. And for various
> political reasons they don't want to upgrade all the browsers. So what I
> want to know is how easy it is to "turn down" the encryption level, and how
> to go about it.
>
> Any suggestions, pointers??? All the documentation I've come across thus
> far doesn't really cover anything like this....
>
> Richy
>
>
> ==========================================
> Richard Black
> Systems Programmer, DataVisibility Ltd - http://www.datavisibility.com
> Tel: 0141 435 3504
> Email: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
