On Sun, 19 Sep 1999, avishver wrote:
> Greetings,
>
> Epicurus question:
> Is it *really* bad practice to use 40bit SSL, even in banking transactions,
> when the average session time ("session": from user point of view, the
> time he is connected to the web server) is usually less than 20 minutes ?
Keep in mind that, while the session may only last a short period of time,
certain important pieces of information (username/password combinations,
account numbers, balances) are likely to stay the same for significantly
longer. I might not be able to highjack your current session, but I would
be able to go in again after your done.
Corbett Waddingham
E-greetings Network Data Wrangler
415-536-1861
http://www.egreetings.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
