Gervase Markham <[EMAIL PROTECTED]> writes:
Ian G wrote: > I'd say 40 bit is good enough for banking, and 128 bit
is good enough for banks :-) As the TLS people have now added a 256 bit protocol suite, they no doubt think that only 256 should be used by banks...
I think you may have missed my point, which was: a number is still a number, and the user has to attach meaning to it, and needs teaching to do so. I assert that this is undesirable.
You can see where the magic-numbers problem has lead with the magic number
"128". Provided that you mention this magic number somewhere in your
marketing literature, your product will be regarded as secure no matter how
bad it is in practice.
~snip~
Peter 128 128 128 128 128 128 128 128 128 128.
You know why they think that about 128 don't you?
after all if it had not been classified as munitions, and export of the 128 bit encryption controlled, then people wouldn't think it was as good as they do.
yup, the 128 bit being controlled for export to other countries, made quite the impression.
Jaqui _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
