Phil Fraering writes:
I ran across this at the web site of a New Orleans area web authoring company. I checked with a friend of mine of long standing on this list, and he assured me that the information was probably false.
(Here it is...)
[..]
SSL & SHTTP Encrypted Web Systems (using the maximum 1024-bit encryption keys)
[..]
Well? Do _any_ of you know of a 1024-bit encryption standard for the world wide web currently in use? According to these people, they're using it.
In non-"export" SSL using RSA as the key-exchange algorithim 1024-bit RSA keys can be used. 128-bit RC4 is most commonly used as the symmetric algorithim in this case. It's not snake oil. I'd guess that some marketing-type person found out enough about SSL to know that it uses 1024-bit RSA keys and thoght that since 1024 bits is bigger than 128, they'd claim 1024 bit keys. There's nothing really wrong with that. -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm If you don't see the fnords, they won't eat your packets. If you do see the fnords, they will eat your packets, so you won't see them. PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF