- From: Tom Weinstein <tomw@netscape.com>
- Date: Fri, 11 Oct 1996 16:14:13 -0700
- To: Jeff Williams <jwkckid1@ix.netcom.com>
- CC: ietf-tls@w3.org
Jeff Williams wrote: > > At 10:51 AM 10/11/96 -0700, you wrote: > >> Do you suggest that the encryption (even 40-bit) is the weak link in >> this scheme? I don't think so. While there may be some advantages >> to be gained by moving the dependency up to the security of the key >> exchange from that of the bulk cipher, I don't think they outweigh >> the disadvantages. > > I just can't agree compleatly with you here Tom. 40 bit has already > been broken and can easly be broken again in about 2 seconds. 40 bit can be broken in about a week with approximately $400 worth of hardware. The NSA can probably break it in some small number of seconds. All of that is completely immaterial because the selection of the password is the weak link here. Do you really think you can remember a password with more than 40 bits if entropy? -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw@netscape.com
Received on Friday, 11 October 1996 19:13:07 UTC