Re: high-grade vs low-grade encryption with MD5 and DES

[Dave Paris]

"compromised" is probably a poor word to use, "pointlessly weak" is 
more accurate.  If you're going to use SSL and you're dealing with data 
that needs to be protected longer than 5 minutes, use 128bit SSL.

-dsp

On Sunday, Aug 10, 2003, at 02:25 US/Eastern, Arthur Chan wrote:

Hi all.
Verisign currently has a discount on both a high grade (128bits) SSL
encrypted and a low grade (40bits) SSL encrypted certificates. The 
former is
priced at US$895 and the latter at US$1395.
I noticed some sites also present Verisign certificates with low-grade,
54-bits encryption from their Microsoft/IIS servers. However I cannot 
find a
54-bits certificate in 
www.verisign.com/products/site/commerce/index.html
Is this 54-bits affair only for Microsoft / IIS ???
Is low-grade encryption with 40 and 54 bits considered "compromised" 
???
Are there any finance/insurance industry standard requiring a 128 bits,
high-grade encryption ???

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]