[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSL challenge -- broken !
On Thu, 17 Aug 1995, John Pettitt wrote:
> On Wed, 16 Aug 1995, Damien Doligez wrote:
> > SSL challenge -- broken
> > It fails on the second count. Don't trust your credit
> > card number to this protocol.
> Huh? So you run on 120 workstations worth how much? to steal a credit
> card number worth how much? Get real - there are hundreds of ways
> to get credit card numbers that cost less. The idea is to make
> breaking SSL less attractive than dumpster diving not to make it
> impossible. I'll lay odds that I could get the credit card number
> of *any* individual in the US in less elapsed time and with nothing
> more than a $1000 windoze machinei, a telephone and a modem.
I think the point here is that its not safe to send credit cards
over the net and just like in rl, you got protect yourself by keeping
a close eye on your credit card transactions. And to prove to
our governments that RSA40 isn't a 'good enough' any more.
On the other hand getting access to 120 workstations should'nt be to
difficult for any system admin. Take my school for example, I could
run the program on some 100 odd SGI Indy workstations, 2 SGI challenge S's
and a challenger DM (2cpus) along with 2 DEC Alphas
As long as I set it to a have high nice value, nobody would notice, or even
Sameer Manek [email protected]