Security Basics mailing list archives
Re: 40-bit VS 128-bit Encryption
From: "Adam Newhard" <atnewhard () microstrain com>
Date: Fri, 20 Jun 2003 12:11:01 -0400
It all depends on how important you feel the username and password are;) Every encryption "can" be cracked", it's just a matter of time. I'd say use 128-bit not only b/c it's stronger, but in my experiences I'd rather spend a little bit more money on hardware that'll do 128-bit w/o any notice of lag or any real performance impact. Also, think of it this way...incorporate the ignorance of many people...what kind of facial expressions are you gonna get from your bosses when you finish the project, present it to them, and one of them thinking they really know what's going on asks how many bits of encryption there are? Then when you say 40 (even though it's something really easy to change to 128...he won't understand that), think of what kind of facial expressions he'll make. In a lot of cases, you'll get some frowns. If you're producing this for someone who isn't very competent at encryption, they'll be more pleased with buzz words than anything else. In other words, if you can get 128 w/o any real performance hit...use it...not only for protection of you against people trying to break the encryption, but also for protection of you against an angry boss. if you ever get complaints from a boss that says it's too slow for them, you always have the "you told me to do it" card, but that's not always wise. adam ---------------------------------------------------- Adam Newhard Microstrain, Inc. If vegetarians eat vegetables, watch out for humanitarians ----- Original Message ----- From: "Stephen Bock" <sbock () smchcn net> To: <security-basics () securityfocus com> Sent: Thursday, June 19, 2003 1:21 PM Subject: 40-bit VS 128-bit Encryption
I am setting up a secure website and i was wondering which would be better to use, 40-bit or 128-bit? Obviously, 128-bit would be stronger and not easily crackable, but it is also more expensive. Does anybody know if 40
or
128-bit has been cracked yet? I'm not going to be transmitting any credit card info over the net, but i will be sending username, password, etc.
What
are your thoughts? ---------------------------------- Stephen Bock Information Technology/Webmaster Samaritan Ministries International --------------------------------------------------------------------------
-
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm --------------------------------------------------------------------------
--
--------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- 40-bit VS 128-bit Encryption Stephen Bock (Jun 20)
- RE: 40-bit VS 128-bit Encryption Richard Parry (Jun 21)
- Re: 40-bit VS 128-bit Encryption Adam Newhard (Jun 21)
- RE: 40-bit VS 128-bit Encryption Paul Benedek (Jun 21)
- Re: 40-bit VS 128-bit Encryption phil baskers (Jun 23)
- <Possible follow-ups>
- RE: 40-bit VS 128-bit Encryption DeGennaro, Gregory (Jun 21)
- RE: 40-bit VS 128-bit Encryption Allan Schon (Jun 21)
- RE: 40-bit VS 128-bit Encryption Jonathan Grotegut (Jun 24)
- RE: 40-bit VS 128-bit Encryption Joseph Mathews (Jun 25)
- Re: 40-bit VS 128-bit Encryption Olivier DEBRE (Jun 25)
- RE: 40-bit VS 128-bit Encryption Joseph Mathews (Jun 25)
- RE: 40-bit VS 128-bit Encryption Cushing, David (Jun 25)
- RE: 40-bit VS 128-bit Encryption Alexandre . Steinberg (Jun 25)