Re: Attacks on IPsec

From: Peter Gutmann (pgut001_at_cs.auckland.ac.nz)
Date: 06/14/05 

Date: 14 Jun 2005 11:22:12 GMT

bmoeller@acm.org (Bodo Moeller) writes:

>There are other ciphersuites that don't do everything you might expect
>from a ciphersuite: TLS_RSA_WITH_NULL_MD5 and TLS_RSA_WITH_NULL_SHA.
>These do not provide data encryption, but they do provide
>authentication (but I don't thin anyone uses them).

I know of banks that use them over leased-line links to mainframes, where CPU
cycles are expensive.

Peter.

Relevant Pages

  • Feds Want Banks to Strengthen Web Log-Ons
    ... Internet customers through authentication that goes beyond mere user ... Financial Institutions Examination Council said in a letter to banks ... customers must confirm their identities ... other merchants that are willing to "federate" their Web sites with ...
    (comp.dcom.telecom)
  • Re: is ssl secure enough ?
    ... What's good enough for the banks is good enough for you: ... SSL with two factor authentication is generally a well accepted, ... standard design: yes. ... Dual-factor authentication will be a must and I ...
    (microsoft.public.windows.server.security)
  • Re: Bankers on FFIEC
    ... The FFIEC guidance is just that it is guidance. ... authentication until better, cheaper, easier methods are developed. ... authentication isn't adequate. ... I've found many banks adding addition ...
    (Security-Basics)
  • Re: SSNs and the law - True or False
    ... Someone told me it was only legal for Banks. ... would be better as a second means of authentication? ... >> Social Security Number. ... > But I should clarify that it is a really bad idea... ...
    (microsoft.public.security)
  • Bankers on FFIEC
    ... The FFIEC guidance on online banking calls for strong authentication, ... Does anybody have experience with this situation and understand how banks ...
    (Security-Basics)