Re: [cobalt-users] RaQ4 Equifax Certs
- Subject: Re: [cobalt-users] RaQ4 Equifax Certs
- From: Kul <WebMaster@xxxxxxx>
- Date: Tue Jan 23 02:57:19 2001
- Organization: Qax
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Rodolfo J. Paiz (E-mail)" wrote:
> > Even I didn't realize that Thawte's $125 certs weren't 128 bit. When
> > I was talking with a rep about becoming a Thawte reseller, I had the
> > impression that I would be able to purchase 128 bit certs for that
> > price.
>
> You are able to purchase 128-bit certs from Thawte for that price, sort
> of; the difference is that they drop down to 40-bit or 56-bit when used
> internationally. They are only 128-bit *inside* the USA. To some that's
> a moot point; increasingly, to many of us and to millions of browsers
> that's a big damn distinction.
>
> > GW> Will this impact my ability to do credit-card processing?
> > GW> The company I use just said I had to have SSL, they did
> > not specify the quality.
> >
> > It shouldn't impact your ability per se. You'll still be
> > encrypting the session, but only at 1/2 to 1/3 the strength
> > of a 128 bit cert. If a security nut visits your site, they
> > may frown upon the non 128 bit connection and go elsewhere.
>
> Danger, Will Robinson, danger...
>
> 40-bit is *NOT* 1/3 the strength of 128-bit, just as 56-bit is *NOT*
> around 1/2 the strength of 128-bit. I'm sure you know this, but let me
> spell it out in case some lurker gets confused:
>
> 40-bit: 2^40 possible combinations (roughly 1.1 x 10^12)
> 56-bit: 2^56 possible combinations (roughly 7.2 x 10^16)
> 128-bit: 2^128 possible combinations (roughly 3.4 x 10^38)
>
> So a 56-bit cert is 70,000 *times* more difficult to crack by brute
> force than a 40-bit cert... it takes 70,000 times as much effort. And a
> 128-bit cert is 309,485,009,821,345,000,000,000,000 times more difficult
> to crack than a 40-bit cert as well as 4,722,366,482,869,650,000,000
> times more difficult to crack than a 56-bit cert.
>
> There is a *large* difference between them, and as processing power
> increases the probability that 40- or 56-bit certs get hacked increases
> as well. It's still quite tiny, but it's growing. For example, some guys
> at U.C. Berkeley (I think) put about $800K worth of workstations to work
> and cracked a 40-bit key in about four hours. Expensive? Unlikely? Yes.
> But scary nonetheless.
>
> 128-bit certs offer me the comfort that, at present levels of
> technology, it would take someone with the horsepower of the *entire*
> SETI@home project (about 50 TeraFLOPS right now) about
> 215,805,661,416,120 millennia to crack one. Next year may be different,
> but for right now I'm happy.
>
> --
> Rodolfo J. Paiz
> rpaiz@xxxxxxxxxxxxxx <mailto:rpaiz@xxxxxxxxxxxxxx>
Rodolfo,
You forgot to add (seeing as lurkers may be present :-)) that although 128-bit encryption is about as secure as it can be at the moment (commercially), a hacker could strike it rich and guess the code first time! (I've been trying that one with the lottery, but to no avail.) Although remote, it's still a real possibility. Look at Mr Hitler's Enigma in WW2: they were so confident that the Enigma code could not be cracked, they became complacent, and then the British mathematician Alan Turing and his chums at Bletchley Park cracked it, passed it on to the American forces, and subsequently used it against Mr Hitler.
Regards
Kul
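
The keyspace arithmetic quoted above, together with the lucky-guess probability raised in the reply, as an added Python example that is not part of either post. It assumes 365-day years and one key trial per floating-point operation, which is what the quoted SETI@home figure implies; all function and constant names are illustrative.

```python
from fractions import Fraction

# Assumptions (not from the posts): 365-day years, and one key trial per
# floating-point operation when a FLOPS figure is used as a search rate.
SECONDS_PER_MILLENNIUM = 1000 * 365 * 24 * 3600
SETI_KEYS_PER_SECOND = 50 * 10**12  # the quoted 50 TeraFLOPS


def keyspace(bits):
    """Number of distinct keys of the given length."""
    return 1 << bits


def effort_ratio(strong_bits, weak_bits):
    """How many times larger the stronger keyspace is (exact integer)."""
    return keyspace(strong_bits) // keyspace(weak_bits)


def exhaust_millennia(bits, keys_per_second):
    """Whole millennia needed to try every key at a fixed rate."""
    return keyspace(bits) // (keys_per_second * SECONDS_PER_MILLENNIUM)


def hit_probability(bits, tries):
    """Chance that `tries` distinct guesses include a uniformly random key."""
    return Fraction(min(tries, keyspace(bits)), keyspace(bits))


def expected_trials(bits):
    """Average guesses before success when keys are tried without repeats."""
    return Fraction(keyspace(bits) + 1, 2)


if __name__ == "__main__":
    for weak in (40, 56):
        print(f"128-bit vs {weak}-bit: {effort_ratio(128, weak):,}x")
    print(f"56-bit vs 40-bit: {effort_ratio(56, 40):,}x")
    print(f"128-bit exhaust: {exhaust_millennia(128, SETI_KEYS_PER_SECOND):,} millennia")
    print(f"first-guess chance: {float(hit_probability(128, 1)):.3e}")
    print(f"average search covers {float(expected_trials(128) / keyspace(128)):.0%} of the keyspace")
```

The exact 56-bit versus 40-bit ratio is 2^16 = 65,536, and because a uniformly random key is found on average halfway through the search, the expected time is half the exhaust figure.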