Re: Bank transactions on Internet
On Apr 8, 2:04pm, Perry E. Metzger wrote:
> Subject: Re: Bank transactions on Internet
>
> > Suddenly some banks here in Estonia have decided that they must start
> > offering banking services over Internet already during the next months.
> > What worries me is that some of them are talking about using 40-bit SSL as
> > the main security mechanism.
>
> That seems very silly. Considering that you folks have no laws
> preventing you from using better I would suggest not doing something
> so foolish -- 40 bit RC4 is almost worthless as a cryptosystem as the
> recent paper on key lengths points out.
>
> Perr
>-- End of excerpt from Perry E. Metzger
I can verify that Security First Internet Bank uses 40-bit SSL +
Username/Password. Their HTTP server also supports 128-bit SSL; however, they do
not suggest one over the other. I took it upon myself after opening an account
with SFNB to purchase my own copy of 128-bit Netscape Navigator. You can make
transactions over the net and SFNB does not limit you to 128-bit. Is it really
that easy to break 40-bit? Don't you need access to a "fair amount of CPU
power" to brute-force crack 40-bit? As far as I know, client authentication is
strictly username & password. What other authentication systems exist?
J.R.Weaver