Completely agree Tim, it would take a very long time indeed. Again, beyond the technicalities, and which method is better or worst, the weak link is not so much in the maths as in systemic failures of processess, people, (in)discretion, care(lessness), chain of trust, and things of that kind.
I am not familiar with Log Me In or how it works but I think you said that one needs to be "trustfull" of the server sitting somewhere in the US. Well, in this business only the paranoid survives. Mario Tim Churches wrote: > > "256bit encryption" means that the length of the secret SSL session key > (i.e. the temporary, used-once-only password which is shared between teh > web browser client and teh web server), established by Diffie-Hellman > key exchange, is 256 bits long, which is the same as a completely random > password comprising any of the 256 ASCII characters (not just the usual > alphanumerics), some 32 characters long. > > That would take a very, very, very long time to crack by brute force, > even on one of Horst's computers. > > Tim C > > _______________________________________________ > Gpcg_talk mailing list > [email protected] > http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk > > > _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
