From: Tom Weinstein <tomw@netscape.com>
To: “Daniel R. Oelke” <droelke@rdxsunhost.aud.alcatel.com>
Message Hash: e60efccf4cdd6c04d9a15cb585bbd4c0be0f0965db08876584f52de769da1209
Message ID: <316C8427.52BF@netscape.com>
Reply To: <9604101921.AA25061@spirit.aud.alcatel.com>
UTC Datetime: 1996-04-11 12:50:50 UTC
Raw Date: Thu, 11 Apr 1996 20:50:50 +0800
From: Tom Weinstein <tomw@netscape.com>
Date: Thu, 11 Apr 1996 20:50:50 +0800
To: "Daniel R. Oelke" <droelke@rdxsunhost.aud.alcatel.com>
Subject: Re: Bank information protected by 40-bit encryption....
In-Reply-To: <9604101921.AA25061@spirit.aud.alcatel.com>
Message-ID: <316C8427.52BF@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain
Daniel R. Oelke wrote:
>
> If you are the worring sort (or are looking for a ripe target)
> point your browser at:
> https://www.diginsite.com/clients.html
>
> There is a list of 23 Credit Unions - some (or all) of which
> allow transactions to be done over the net.
>
> A brief once over shows that it requires Netscape 2.0 or
> better so you will have encryption, but it does not warn you
> when you are using only a 40-bit session key vs. a 128-bit key.
> (Netscape wizards - is there a way that the server can detect
> this so that a warning message could be put up?)
For Netscape servers, you can configure which ciphers you want to use.
I'm sure Apache-SSL and most other SSL-capable servers have the same
sort of thing. I know that Wells Fargo, at least, requires 128-bit
encryption.
--
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything. -- Washington DC motto | tomw@netscape.com
Return to April 1996
Return to “Tom Weinstein <tomw@netscape.com>”