[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL challenge -- broken !

John Pettitt ([email protected]) wrote:
: Huh?  So you run on 120 workstations worth how much?  to steal a credit
: card number worth how much?  Get real - there are hundreds of ways
: to get credit card numbers that cost less.  The idea is to make
: breaking SSL less attractive than dumpster diving not to make it
: impossible.   I'll lay odds that I could get the credit card number
: of *any* individual in the US in less elapsed time and with nothing
: more than a $1000 windoze machinei, a telephone and a modem.

I'll ignore the offer to gamble due to agreeing with you.  However, your
comparision to dumpster diving is kinda weak.  People everytday use
thousands of dollars worth of computer equipment to download pictures from
select newsgroups.  They have spent couple grand to be able to download
and veiw these pictures on their screens.  Now if you told them that they
could just mail order some videos, magazines or the like, they'ld tell
you it's "easier" their way. 

Many people have access to piles and piles of computer horsepower.  
People without that will still do dumpster diving, but bored sys-admins, 
college students, college-professors, office workers, etc will still have 
easy access to this type of computing power.

The problem also lays in the fact that people are led to believe that 
their information is safe against most attacks, when it's obvious that 
this information is only safe for a very short time.

Has anyone thought about starting up a distributed rc4 cracking web.  
Send in your message to a web server form, it will then spawn of requests 
to a pool of machines willing to try cracking rc4 for you.  Allow anyone 
to offer up spare cycles towards the effort.

 -Matt     ([email protected])                         DI-1-9026
 "That which can never be enforced should not be prohibited."