This is really symptomatic of our industry, isn't it? We seen to be our own worse enemy. Back in 95, it took that French student days to crack the 40-bit codes. Now we are talking about minutes... its disheartening. Merde. I really wonder how some of those MS sites survive these days...
----- Original Message ----- From: "Dave Paris" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 11, 2003 06:16 PM Subject: Re: high-grade vs low-grade encryption with MD5 and DES > "compromised" is probably a poor word to use, "pointlessly weak" is > more accurate. If you're going to use SSL and you're dealing with data > that needs to be protected longer than 5 minutes, use 128bit SSL. > > -dsp > > On Sunday, Aug 10, 2003, at 02:25 US/Eastern, Arthur Chan wrote: > > > Hi all. > > Verisign currently has a discount on both a high grade (128bits) SSL > > encrypted and a low grade (40bits) SSL encrypted certificates. The > > former is > > priced at US$895 and the latter at US$1395. > > I noticed some sites also present Verisign certificates with low-grade, > > 54-bits encryption from their Microsoft/IIS servers. However I cannot > > find a > > 54-bits certificate in > > www.verisign.com/products/site/commerce/index.html > > Is this 54-bits affair only for Microsoft / IIS ??? > > Is low-grade encryption with 40 and 54 bits considered "compromised" > > ??? > > Are there any finance/insurance industry standard requiring a 128 bits, > > high-grade encryption ??? > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
