[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bank information protected by 40-bit encryption....

To: [email protected] (Daniel R. Oelke)
Subject: Re: Bank information protected by 40-bit encryption....
From: Jeff Barber <[email protected]>
Date: Wed, 10 Apr 1996 16:54:51 -0400 (EDT)
Cc: [email protected]
In-Reply-To: <[email protected]> from "Daniel R. Oelke" at Apr 10, 96 02:21:28 pm
Sender: [email protected]

Daniel R. Oelke writes:
> If you are the worring sort (or are looking for a ripe target)
> point your browser at:
>     https://www.diginsite.com/clients.html
> 
> There is a list of 23 Credit Unions - some (or all) of which
> allow transactions to be done over the net.
> 
> A brief once over shows that it requires Netscape 2.0 or 
> better so you will have encryption, but it does not warn you 
> when you are using only a 40-bit session key vs. a 128-bit key.
> (Netscape wizards - is there a way that the server can detect
>  this so that a warning message could be put up?)

Yes.  Netscape servers pass three (additional) environment variables to
CGI programs when used with SSL.  For a 40-bit invocation, you get:

    HTTPS=ON
    HTTPS_KEYSIZE=128
    HTTPS_SECRETKEYSIZE=40

So, you can distinguish 40- versus 128-bit usage.


-- Jeff

References:
- Bank information protected by 40-bit encryption....
  - From: [email protected] (Daniel R. Oelke)

Prev by Date: RC4 on FPGAs (Was: Bank transactions on Internet)
Next by Date: [NOISE] Re: onyma
Prev by thread: Bank information protected by 40-bit encryption....
Next by thread: Re: Bank information protected by 40-bit encryption....
Index(es):
- Date
- Thread