1996-04-11 - Re: Bank information protected by 40-bit encryption….

Header Data

From: Jeff Barber <jeffb@sware.com>
To: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Message Hash: 924d2c7965b524034d93eed9a124b7c8221336ae853c095df518e4058dc3fad6
Message ID: <199604102054.QAA23703@jafar.sware.com>
Reply To: <9604101921.AA25061@spirit.aud.alcatel.com>
UTC Datetime: 1996-04-11 04:50:01 UTC
Raw Date: Thu, 11 Apr 1996 12:50:01 +0800

Raw message

From: Jeff Barber <jeffb@sware.com>
Date: Thu, 11 Apr 1996 12:50:01 +0800
To: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Subject: Re: Bank information protected by 40-bit encryption....
In-Reply-To: <9604101921.AA25061@spirit.aud.alcatel.com>
Message-ID: <199604102054.QAA23703@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Daniel R. Oelke writes:
> If you are the worring sort (or are looking for a ripe target)
> point your browser at:
>     https://www.diginsite.com/clients.html
> 
> There is a list of 23 Credit Unions - some (or all) of which
> allow transactions to be done over the net.
> 
> A brief once over shows that it requires Netscape 2.0 or 
> better so you will have encryption, but it does not warn you 
> when you are using only a 40-bit session key vs. a 128-bit key.
> (Netscape wizards - is there a way that the server can detect
>  this so that a warning message could be put up?)

Yes.  Netscape servers pass three (additional) environment variables to
CGI programs when used with SSL.  For a 40-bit invocation, you get:

    HTTPS=ON
    HTTPS_KEYSIZE=128
    HTTPS_SECRETKEYSIZE=40

So, you can distinguish 40- versus 128-bit usage.


-- Jeff

Thread

• Return to April 1996

• Return to “Black Unicorn <unicorn@schloss.li>”
• Return to “droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)”
• Return to “=?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@digit.ee>”
• Return to “Jeff Barber <jeffb@sware.com>”
• Return to “Jeff Weinstein <jsw@netscape.com>”
• Return to “sameer@c2.org”

• Return to “Tom Weinstein <tomw@netscape.com>”

• 1996-04-11 (Thu, 11 Apr 1996 11:04:55 +0800) - Bank information protected by 40-bit encryption…. - droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
  • 1996-04-11 (Thu, 11 Apr 1996 12:50:01 +0800) - Re: Bank information protected by 40-bit encryption…. - Jeff Barber <jeffb@sware.com>
  • 1996-04-11 (Thu, 11 Apr 1996 20:50:50 +0800) - Re: Bank information protected by 40-bit encryption…. - Tom Weinstein <tomw@netscape.com>
    • 1996-04-11 (Thu, 11 Apr 1996 21:59:44 +0800) - Re: Bank information protected by 40-bit encryption…. - sameer@c2.org
      • 1996-04-11 (Thu, 11 Apr 1996 20:22:12 +0800) - Re: Bank information protected by 40-bit encryption…. - Tom Weinstein <tomw@netscape.com>
        • 1996-04-11 (Thu, 11 Apr 1996 20:50:01 +0800) - Re: Bank information protected by 40-bit encryption…. - sameer@c2.org
          • 1996-04-11 (Thu, 11 Apr 1996 22:07:33 +0800) - Re: Bank information protected by 40-bit encryption…. - Tom Weinstein <tomw@netscape.com>
            • 1996-04-11 (Fri, 12 Apr 1996 03:08:06 +0800) - Re: Bank information protected by 40-bit encryption…. - =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@digit.ee>
              • 1996-04-13 (Sun, 14 Apr 1996 00:14:07 +0800) - Re: Bank information protected by 40-bit encryption…. - Black Unicorn <unicorn@schloss.li>
  • 1996-04-11 (Thu, 11 Apr 1996 23:16:08 +0800) - Re: Bank information protected by 40-bit encryption…. - Jeff Weinstein <jsw@netscape.com>
  • 1996-04-11 (Fri, 12 Apr 1996 01:15:29 +0800) - Re: Bank information protected by 40-bit encryption…. - Jeff Weinstein <jsw@netscape.com>
    • 1996-04-12 (Fri, 12 Apr 1996 09:32:36 +0800) - Re: Bank information protected by 40-bit encryption…. - sameer@c2.org