[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL challenge -- broken !



On Thu, 17 Aug 1995, John Pettitt wrote:
> On Wed, 16 Aug 1995, Damien Doligez wrote:
> > SSL challenge -- broken
> >               It fails on the second count.  Don't trust your credit
> >   card number to this protocol.
> 
> Huh?  So you run on 120 workstations worth how much?  to steal a credit
> card number worth how much?  Get real - there are hundreds of ways
> to get credit card numbers that cost less.  The idea is to make
> breaking SSL less attractive than dumpster diving not to make it
> impossible.   I'll lay odds that I could get the credit card number
> of *any* individual in the US in less elapsed time and with nothing
> more than a $1000 windoze machinei, a telephone and a modem.
> 
I think the point here is that its not safe to send credit cards
over the net and just like in rl, you got protect yourself by keeping
a close eye on your credit card transactions. And to prove to
our governments that RSA40 isn't a 'good enough' any more.

On the other hand getting access to 120 workstations should'nt be to
difficult for any system admin. Take my school for example, I could
run the program on some 100 odd SGI Indy workstations, 2 SGI challenge S's
and a challenger DM (2cpus) along with 2 DEC Alphas

As long as I set it to a have high nice value, nobody would notice, or even
mind. 

________________________________________________________________________
Sameer Manek                [email protected]         
________________________________________________________________________