Re: HTTPS - How hard to decrypt?

From: Birl (sbirl_at_temple.edu)
Date: 07/09/03

Next message: Richard Parry: "RE: HTTPS - How hard to decrypt?"

Previous message: Birl: "Re: Strange files found on Solaris8"
In reply to: Craig Brauckmiller: "HTTPS - How hard to decrypt?"
Next in thread: Richard Parry: "RE: HTTPS - How hard to decrypt?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 9 Jul 2003 16:50:48 -0400 (EDT)
To: security-basics@securityfocus.com

Craig: Date: 8 Jul 2003 17:33:02 -0000
Craig: From: Craig Brauckmiller <c_brauckmiller@lek.com>
Craig: To: security-basics@securityfocus.com
Craig: Subject: HTTPS - How hard to decrypt?
Craig:
Craig:
Craig:
Craig: We have begun rolling out wireless cards to our VP laptops. We have also
Craig: purchased T-Mobile Hotspot accounts for them to use in such places as
Craig: Starbucks, American Admiral's Clubs, etc.
Craig:
Craig: >From my testing, the user name and password entry screen that TMobile
Craig: requires you to fill in before they will allow you to do any type of
Craig: surfing.
Craig:
Craig: The login page does use HTTPS, so I assume the user name and password are
Craig: encrypted when the user submits the page.
Craig:
Craig: How hard is it to decrypt SSL based traffic over a wireless link or wired
Craig: for that matter? Is it something trivial, or would it take some time to
Craig: break? I just worry about a hacker hanging out at Starbucks and snagging
Craig: a user name and password for free internet access.
Craig:
Craig: Thanks
Craig:
Craig: Craig Brauckmiller

IMHO

I should think it depends on a few factors, mainly the number of bits used
in the encryption. 64-bit encryption would take less time than 128-bit.

Given enough time brute force will crack anything.

I dont see someone sitting at Starbucks wasting time trying to crack the
standard 128-bit SSL. I dont think you have anything to worry about.

Scott Birl http://concept.temple.edu/sysadmin/
Senior Systems Administrator Computer Services Temple University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Next message: Richard Parry: "RE: HTTPS - How hard to decrypt?"

Previous message: Birl: "Re: Strange files found on Solaris8"
In reply to: Craig Brauckmiller: "HTTPS - How hard to decrypt?"
Next in thread: Richard Parry: "RE: HTTPS - How hard to decrypt?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]