From: John Pettitt <jpp@software.net>
To: Damien Doligez <Damien.Doligez@inria.fr>
Message Hash: 6e83ca840d56aaff83c3f41df9d5550d86972eebf2df13e894e93606a7ccc377
Message ID: <Pine.3.89.9508171031.E16021-0100000@www2.software.net>
Reply To: <9508160842.AA27120@couchey.inria.fr>
UTC Datetime: 1995-08-17 21:51:28 UTC
Raw Date: Thu, 17 Aug 95 14:51:28 PDT
From: John Pettitt <jpp@software.net>
Date: Thu, 17 Aug 95 14:51:28 PDT
To: Damien Doligez <Damien.Doligez@inria.fr>
Subject: Re: SSL challenge -- broken !
In-Reply-To: <9508160842.AA27120@couchey.inria.fr>
Message-ID: <Pine.3.89.9508171031.E16021-0100000@www2.software.net>
MIME-Version: 1.0
Content-Type: text/plain
On Wed, 16 Aug 1995, Damien Doligez wrote:
> SSL challenge -- broken
>
> Conclusions:
>
> * Many people have access to the amount of computing power that I used.
> The exportable SSL protocol is supposed to be weak enough to be
> easily broken by governments, yet strong enough to resist the attempts
> of amateurs.
Exactly
> It fails on the second count. Don't trust your credit
> card number to this protocol.
Huh? So you run on 120 workstations worth how much? to steal a credit
card number worth how much? Get real - there are hundreds of ways
to get credit card numbers that cost less. The idea is to make
breaking SSL less attractive than dumpster diving not to make it
impossible. I'll lay odds that I could get the credit card number
of *any* individual in the US in less elapsed time and with nothing
more than a $1000 windoze machinei, a telephone and a modem.
John Pettitt
jpp@software.net
Return to August 1995
Return to ““Sameer R. Manek” <seawolf@challenger.atc.fhda.edu>”