ietf
[Top] [All Lists]

Re: Election.com & weak crypto

2000-10-04 08:40:02
adurch(_at_)softhome(_dot_)net wrote:

Dennis Glatting writes:

Has anyone else noticed election.com is using only weak crypto to
protect ICANN vote transactions?
...
   Key exchange:   RSA(512) (*** WEAK ***)
   Encryption:     RC4(40) (*** VERY WEAK ***)

How much more do you suggest?


Considering 40 bit crypto is fairly easy to brute force, RC4-128 or
3DES with 1024 bit key exchange. Of course, I am ignoring whether
SSL/TLS is useful at all except on the perception front; however, it
is on the perception front that the use of weak crypto to protect vote
casting raises an eyebrow. Plus, I find it annoying to have to
re-enable weak crypto on my browser. :)



<Prev in Thread] Current Thread [Next in Thread>