Congratulations on demonstrating the effort required to break SSL with a 40-bit key. It seems clear demonstrated that this is not adequate to store, say, company-confidential information for communication over insecure networks, since it seems the average grad student at a large university could get access to similar computing power that you used (spare cycles on a hundred workstations or more). However, I disagree with your conclusion:
Many people have access to the amount of computing power that I used. The exportable SSL protocol is supposed to be weak enough to be easily broken by governments, yet strong enough to resist the attempts of amateurs. It fails on the second count. Don't trust your credit card number to this protocol.
Your credit card number, expiration date, etc, are continually being revealed to minimum-wage clerks all the time, unless you never use the card. A chain is only as strong as its weakest link; it makes no sense to buy an expensive lock when your door has a big enough opening to climb through. Should some bad person get hold of your card number and misuse it, you're not out any money: you just tell the card company "I didn't buy that". Since there's so much tracing in the system, if you buy a physical something with a stolen credit card number it can usually be traced to you (who'd they ship the package to?). It's not clear to me that *any* encryption is really essential if the only purpose is to protect credit card #'s from snoopers. There's plenty of stuff that *does* need protection, but I'm not sure credit card #'s head the list. Q: Of the 20,000 credit card #'s stolen from Netcom's computer, how many were used to buy things? Answer: not sure, but expect the answer is "zero".