adurch(_at_)softhome(_dot_)net wrote:
> Dennis Glatting writes:
>> Has anyone else noticed election.com is using only weak crypto to
>> protect ICANN vote transactions?
>> ...
>> Key exchange: RSA(512) (*** WEAK ***)
>> Encryption: RC4(40) (*** VERY WEAK ***)
>
> How much more do you suggest?

Considering 40-bit crypto is fairly easy to brute force, RC4-128 or
3DES with 1024-bit key exchange. Of course, I am ignoring whether
SSL/TLS is useful at all except on the perception front; however, it
is on the perception front that the use of weak crypto to protect vote
casting raises an eyebrow. Plus, I find it annoying to have to
re-enable weak crypto on my browser. :)