On Monday 04 December 2006 19:47, Tim Churches wrote: > Mario, > > "256bit encryption" means that the length of the secret SSL session key > (i.e. the temporary, used-once-only password which is shared between teh > web browser client and teh web server), established by Diffie-Hellman > key exchange, is 256 bits long, which is the same as a completely random > password comprising any of the 256 ASCII characters (not just the usual > alphanumerics), some 32 characters long.
Last time I looked, 256 bits were only 32 bytes = 32 character length (which is indeed too long for nowadays brute force methods if they are chosen truly randomly from 256 possible ones). One bit character encoding is a bit of a bore. But Mario referred to AES encryption with 6+ character password key protection - at least that was my understanding Whenever humans come into the game and have to authenticate themselves, they won't use 32 potentially unprintable characters (unless they use authentication tokens which then others might use too). They tend to use 8 characters at the most, and many don't even bother using caps or non-alphabetic characters Horst _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
