Mario Ruiz wrote: > Hi Michael, > >>From an encryption point of view, its fairly robust. In practice it > depends on the algo, the mode, the padding scheme, and password length > used. > > A brute force attack on a AES (aka Rijndael)/256 enc bits stream using a > P4/1.5Ghz/512Mb Ram would take around: > > passwrd len: 6 chars --360 days (63 chars no caps, caps, digits,..) > passwrd len: 8 chars --4030 years > passwrd len: 9 chars --252,000 years
Mario, "256bit encryption" means that the length of the secret SSL session key (i.e. the temporary, used-once-only password which is shared between teh web browser client and teh web server), established by Diffie-Hellman key exchange, is 256 bits long, which is the same as a completely random password comprising any of the 256 ASCII characters (not just the usual alphanumerics), some 32 characters long. That would take a very, very, very long time to crack by brute force, even on one of Horst's computers. Tim C _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
