My read is that HTTPS is handled via trivial (took me 15 to 30 minutes to hack and successfully "script" the OpenSRS RWI and code runs on Win 98+) Windows OS calls and HTTPS is also handled in a similarly transparent manner on other platforms as well. So, while the client is still burdened, long-lived de facto standards make HTTPS a snap to implement on most (all?) platforms.

For non-trivial keys and proper implementation Blowfish is more secure than HTTPS (512 bit brute force is still thought to be the only way to "break" Blowfish); however, so long as knowledge of my Username and Password allows anyone access to the RWI environment from any PC in the world then I suggest the added security of Blowfish is an illusion, as well as the rest of the OpenSRS API security layer. And DES is considered a fairly trivial hack (reached the end of its useful life -- which is exactly why Blowfish was created in the first place) these days and so actually offers zero security.



On Mon, 24 Nov 2003 11:30:08 -0800 (PST)
 Tim Woodcock <[EMAIL PROTECTED]> wrote:
If communications are encrypted using SSL, that eliminates the need to
do any encryption in the client code.
