On Thu, 17 Aug 1995, John Pettitt wrote:
On Wed, 16 Aug 1995, Damien Doligez wrote:
SSL challenge -- broken It fails on the second count. Don't trust your credit card number to this protocol.
Huh? So you run on 120 workstations worth how much? to steal a credit card number worth how much? Get real - there are hundreds of ways to get credit card numbers that cost less. The idea is to make breaking SSL less attractive than dumpster diving not to make it impossible. I'll lay odds that I could get the credit card number of *any* individual in the US in less elapsed time and with nothing more than a $1000 windoze machinei, a telephone and a modem.
I think the point here is that its not safe to send credit cards over the net and just like in rl, you got protect yourself by keeping a close eye on your credit card transactions. And to prove to our governments that RSA40 isn't a 'good enough' any more. On the other hand getting access to 120 workstations should'nt be to difficult for any system admin. Take my school for example, I could run the program on some 100 odd SGI Indy workstations, 2 SGI challenge S's and a challenger DM (2cpus) along with 2 DEC Alphas As long as I set it to a have high nice value, nobody would notice, or even mind. ________________________________________________________________________ Sameer Manek Seawolf@challenger.atc.fhda.edu ________________________________________________________________________