1995-08-18 - Re: SSL challenge – broken !

Header Data

From: panzer@dhp.com (Panzer Boy)
To: cypherpunks@toad.com
Message Hash: f1bf4b12d2e58471d842d18e9e0c710cfd4661832e4d9167838eaa13ecabcafd
Message ID: <412j0b$6em@dhp.com>
Reply To: <Pine.3.89.9508171031.E16021-0100000@www2.software.net>
UTC Datetime: 1995-08-18 17:34:08 UTC
Raw Date: Fri, 18 Aug 95 10:34:08 PDT

Raw message

From: panzer@dhp.com (Panzer Boy)
Date: Fri, 18 Aug 95 10:34:08 PDT
To: cypherpunks@toad.com
Subject: Re: SSL challenge -- broken !
In-Reply-To: <Pine.3.89.9508171031.E16021-0100000@www2.software.net>
Message-ID: <412j0b$6em@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


John Pettitt (jpp@software.net) wrote:
: Huh?  So you run on 120 workstations worth how much?  to steal a credit
: card number worth how much?  Get real - there are hundreds of ways
: to get credit card numbers that cost less.  The idea is to make
: breaking SSL less attractive than dumpster diving not to make it
: impossible.   I'll lay odds that I could get the credit card number
: of *any* individual in the US in less elapsed time and with nothing
: more than a $1000 windoze machinei, a telephone and a modem.

I'll ignore the offer to gamble due to agreeing with you.  However, your
comparision to dumpster diving is kinda weak.  People everytday use
thousands of dollars worth of computer equipment to download pictures from
select newsgroups.  They have spent couple grand to be able to download
and veiw these pictures on their screens.  Now if you told them that they
could just mail order some videos, magazines or the like, they'ld tell
you it's "easier" their way. 

Many people have access to piles and piles of computer horsepower.  
People without that will still do dumpster diving, but bored sys-admins, 
college students, college-professors, office workers, etc will still have 
easy access to this type of computing power.

The problem also lays in the fact that people are led to believe that 
their information is safe against most attacks, when it's obvious that 
this information is only safe for a very short time.

Has anyone thought about starting up a distributed rc4 cracking web.  
Send in your message to a web server form, it will then spawn of requests 
to a pool of machines willing to try cracking rc4 for you.  Allow anyone 
to offer up spare cycles towards the effort.

-- 
 -Matt     (panzer@dhp.com)                         DI-1-9026
 "That which can never be enforced should not be prohibited."





Thread