1996-04-09 - Re: Bank transactions on Internet

Header Data

From: “JR Weaver” <weaver@harry.bwi.wec.com>
To: jk@digit.ee>
Message Hash: 68e39f69f3a5676ed708daad3b7e72f2378ab44c61d020d4b79fe67cc2106aa7
Message ID: <9604081642.ZM1632@harry.bwi.wec.com>
Reply To: <Pine.GSO.3.92.960408192320.16049B-100000@happyman>
UTC Datetime: 1996-04-09 03:09:46 UTC
Raw Date: Tue, 9 Apr 1996 11:09:46 +0800

Raw message

From: "JR Weaver" <weaver@harry.bwi.wec.com>
Date: Tue, 9 Apr 1996 11:09:46 +0800
To: jk@digit.ee>
Subject: Re: Bank transactions on Internet
In-Reply-To: <Pine.GSO.3.92.960408192320.16049B-100000@happyman>
Message-ID: <9604081642.ZM1632@harry.bwi.wec.com>
MIME-Version: 1.0
Content-Type: text/plain


On Apr 8,  2:04pm, Perry E. Metzger wrote:
> Subject: Re: Bank transactions on Internet
>
> > Suddenly some banks here in Estonia have decided that they must start
> > offering banking services over Internet already during the next months.
> > What worries me is that some of them are talking about using 40-bit SSL as
> > the main security mechanism.
>
> That seems very silly. Considering that you folks have no laws
> preventing you from using better I would suggest not doing something
> so foolish -- 40 bit RC4 is almost worthless as a cryptosystem as the
> recent paper on key lengths points out.
>
> Perr
>-- End of excerpt from Perry E. Metzger

I can verify that Security First Internet Bank uses 40-bit SSL +
Username/Password. Their HTTP server also supports 128-bit SSL, however they do
not suggest one over the other. I took it upon myself after opening an account
with SFNB to purchase my own copy of 128-bit Netscape Navigator. You can make
transactions over the net and SFNB does not limit you to 128-bit. Is it really
that easy to break 40-bit? Don't you need access to a "fair amount of cpu
power"
to brute force crack 40bit? As far as I know client authentication is strictly
username & password. What other authentication system exists??

J.R.Weaver







Thread