
On Apr 8, 2:04pm, Perry E. Metzger wrote:
Subject: Re: Bank transactions on Internet
Suddenly some banks here in Estonia have decided that they must start offering banking services over the Internet already during the next months. What worries me is that some of them are talking about using 40-bit SSL as the main security mechanism.
That seems very silly. Considering that you folks have no laws preventing you from using better, I would suggest not doing something so foolish -- 40-bit RC4 is almost worthless as a cryptosystem, as the recent paper on key lengths points out.
Perry
-- End of excerpt from Perry E. Metzger
I can verify that Security First Internet Bank uses 40-bit SSL + Username/Password. Their HTTP server also supports 128-bit SSL; however, they do not suggest one over the other. I took it upon myself after opening an account with SFNB to purchase my own copy of 128-bit Netscape Navigator. You can make transactions over the net and SFNB does not limit you to 128-bit.
Is it really that easy to break 40-bit? Don't you need access to a "fair amount of CPU power" to brute force crack 40-bit?
As far as I know, client authentication is strictly username & password. What other authentication system exists?
J.R.Weaver