Re: Can SSL sessions be compromised?



comphelp@xxxxxxxxx (Todd H.) (07-04-06 10:15:49):

> > SSL is a very weak system using encryption that can be cracked in
> > real time by anyone with the knowledge and just a couple of thousand
> > US $
> >
> > It should never be trusted for things like banking etc. Its use is
> > to keep out hobby hackers and determined hobby hackers. It is not
> > capable of protecting against determined organised attack.
>
> Specify a version level of SSL (greater than known-weak SSL v 2.0)
> that this applies to, or a specific implementation's flaw, cite
> resources, or step away from the crackpipe and/or troll keyboard.

There is one implementation-specific flaw: some implementations
(especially in browsers) use RC4 by default. Also, I wouldn't consider
the default key lengths secure enough. There is nothing specifically
broken here, but I can't recommend RC4 for new applications.

These design decisions are based on the fact that strong cryptography
takes CPU power. It's not SSL's fault, and luckily you can always turn
from the defaults.


Regards,
Ertugrul Söylemez.


--
From the fact that this CGI program has been written in Haskell, it
follows naturally that this CGI program is perfectly secure.
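
Moving away from the defaults, as the reply above suggests, can be checked in code. This is an added example, not part of the original post: it audits the cipher suites a Python `ssl` context would offer. The function names, the 128-bit threshold, the cipher string and the sample list are assumptions made for the illustration.

```python
import ssl

# Assumed policy for this example: no RC4, at least 128-bit symmetric strength.
MIN_BITS = 128

def weak_suites(suites, min_bits=MIN_BITS):
    """Return (name, bits, reason) for every suite that uses RC4 or a short key.

    `suites` is a list of dicts shaped like ssl.SSLContext.get_ciphers() output.
    """
    findings = []
    for suite in suites:
        name, bits = suite["name"], suite["strength_bits"]
        if "RC4" in name.upper():
            findings.append((name, bits, "RC4"))
        elif bits < min_bits:
            findings.append((name, bits, "short key"))
    return findings

def hardened_context():
    """Client context that sets its cipher policy explicitly instead of
    relying on whatever the library enables by default."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher string (an assumed policy): forward-secret AES-GCM suites,
    # with RC4 and unauthenticated/null suites excluded by name.
    ctx.set_ciphers("ECDHE+AESGCM:!RC4:!aNULL:!eNULL")
    return ctx

# Constructed sample, shaped like get_ciphers() entries, showing what the
# audit flags on an old-style suite list.
SAMPLE = [
    {"name": "RC4-SHA", "strength_bits": 128},
    {"name": "EXP-DES-CBC-SHA", "strength_bits": 40},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "strength_bits": 256},
]

if __name__ == "__main__":
    for finding in weak_suites(SAMPLE):
        print("sample:", finding)
    # Audit what this interpreter's OpenSSL would really offer.
    print("hardened context findings:",
          weak_suites(hardened_context().get_ciphers()))
```

Running the audit against a context before and after `set_ciphers()` shows whether the library defaults on a given system still include anything the policy rejects.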