Kevin Fairhurst wrote the following about [netconnect] Re: (Fwd) V3 - Encryption:
> On 18 Mar 2000 07:21:18 +0000, Andrew Tait ([EMAIL PROTECTED]) wrote:
>
> > If you check out the types of encryption used, V� will accept
> > DEC-CBC3-SHA, but not DES-CBC3-SHA.
>
> So why do they use one method for the test and for applying for the card,
> which works in V�, and then another different one for the actual handling
> of the account? Sounds stupid to me ...
Stupid, and expensive, I think. SSL server-side support costs a fair
amount to use, and they're using a commercial (Netscape Enterprise)
server. If it was me, I'd stick to a single SSL type and save some
pennies.
It looks as though the DES is more secure, but that makes no sense
either. If the account details are set up at DEC, then a hacker could
surely extract the details necessary to get to the account servicing
at the DES level. Unless the hacker is using a Miggy, of course ;)
Totty <8^)
--
Totty has an Amiga A1200, with 68060/50 and 603e/200 PPC.
32Mb RAM. 8x ATAPI CD. 1.7Gb HD. ShapeShifter V3.10 + OS 7.5.5
_____________________________________________________________
NetConnect mailing list. To unsubscribe, send an 'unsubcribe'
message to <[EMAIL PROTECTED]>
