1996-04-09 - Re: Bank transactions on Internet

Header Data

From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@digit.ee>
To: Jim Philips <jimp@sfnb.com>
Message Hash: f0071a9f82d2a147b0e912c3bd497f2640bf76538a18b62a40a7f47f0c4c1d85
Message ID: <Pine.GSO.3.92.960409172308.9284D-100000@happyman>
Reply To: <9604081946.AA00048@saloon.fivepaces.com>
UTC Datetime: 1996-04-09 20:32:35 UTC
Raw Date: Wed, 10 Apr 1996 04:32:35 +0800

Raw message

From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@digit.ee>
Date: Wed, 10 Apr 1996 04:32:35 +0800
To: Jim Philips <jimp@sfnb.com>
Subject: Re: Bank transactions on Internet
In-Reply-To: <9604081946.AA00048@saloon.fivepaces.com>
Message-ID: <Pine.GSO.3.92.960409172308.9284D-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Apr 1996, Jim Philips wrote:

> I work with Security First. I would like to add that we use SSL 128 bit key
> with 40 secret, but it is not the only security feature we have. So far, it
> has been the means for encrypting data coming to and from the Bank. We also
> have a site certificate from Verisign and multiple layers of internal
> security at the site. I cannot agree that this encryption is "worthless".

As far as I understand anyone can fairly easy crack the 40-bit SSL your
bank is using, and you must be lucky nobody has done it yet with your
account. Still it seems odd that banks are telling their customers about
secure communications without having any real security.

Jüri Kaljundi
jk@digit.ee






Thread