Basically 40 bit encryption is good enough for 99% of its uses, especially SSL, where 
you are trusting the client anyway.
But 128 bit is the latest buzz and you will probably have complaints that you are 
"only using 40 bit encryption".
Since 128-bit is the default for any browsers in the last year (unless in Cuba, Iraq 
or Libya), you won't lose much business with 128 bit encryption. You should be able to 
run software that will drop down to 40 from 128 if it can't negotiate 128 bit 
security. As others have stated, the real risk is having someone get hold of the 
database information with license information. The cracker who does this will be using 
an attack that goes over the 40 or 128 bit encryption and uses a flaw in your server 
software or database software.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Diane Wood
Sent: Monday, May 07, 2001 16:06
To: [EMAIL PROTECTED]
Subject: 128-bit encryption battle with sales force


Can anyone help me with published references clearly stating that 128-bit encryption 
and 1024-bit certificates are recommended in an e-commerce solution?  Or, in 
opposition, something that explicitly states that 40-bit is a respectable/secure 
choice for e-commerce? 

I have enabled strong encryption on our current e-commerce website and inadvertently 
started a major battle between our vendor sales manager and myself.  The vendor is 
concerned they are losing potential customers (money) with the 128-bit requirement, 
and claiming to my management that I am being too paranoid.

My management is siding with the sales force and I've been told to roll encryption 
back to 40-bit unless I can substantiate my claim that strong encryption is required 
to be industry standard for online e-commerce solutions.

Any help would be greatly appreciated!

Thanks,

Diane Wood
Internet & Network Security Services
Florida Department of Highway Safety & Motor Vehicles
[EMAIL PROTECTED]

