On Wed, 16 Aug 1995, Damien Doligez wrote:
SSL challenge -- broken
Conclusions:
* Many people have access to the amount of computing power that I used. The exportable SSL protocol is supposed to be weak enough to be easily broken by governments, yet strong enough to resist the attempts of amateurs.
Exactly
It fails on the second count. Don't trust your credit card number to this protocol.
Huh? So you run on 120 workstations worth how much? to steal a credit card number worth how much? Get real - there are hundreds of ways to get credit card numbers that cost less. The idea is to make breaking SSL less attractive than dumpster diving not to make it impossible. I'll lay odds that I could get the credit card number of *any* individual in the US in less elapsed time and with nothing more than a $1000 windoze machinei, a telephone and a modem. John Pettitt jpp@software.net