[2682] in cryptography@c2.net mail archive
Forty Bit Negligence (was: PPTP (again))
daemon@ATHENA.MIT.EDU (Rick Smith)
Wed May 13 14:26:48 1998
In-Reply-To: <89503255816736@cs26.cs.auckland.ac.nz>
Date: Wed, 13 May 1998 10:41:57 -0500
To: pgut001@cs.auckland.ac.nz, cryptography@c2.net, unicorn@schloss.li
From: Rick Smith <rick_smith@securecomputing.com>
At 4:09 PM +0000 5/13/98, Peter Gutmann wrote:
> ...... For example everyone
>even vaguely involved in computers and security knows that US-exportable
>crypto is no good (it's certainly had press coverage in every imaginable
>medium), so a company which relied on this for security would make itself a
>prime target for negligence lawsuits when their security was breached.
Most people know that just about any computer placed on the Internet is
vulnerable to attack, whether it uses crypto to protect Internet
transactions or not. It's certainly had press coverage in every imaginable
medium.
It's questionable whether you could prove that 40 bit encryption
constitutes the weakest link in the enterprise's security.
Rick.
smith@securecomputing.com
