> yep - our customers may actually me isp's, and the end users isp's
> customers. I think long term we will go the SSL route, but for beta use an
> applet. That said, i feel better about using our 1024 bit encryption for the
> passwords than 128 bit encryption SSL uses - i don't see 128bit as being
> that secure in a couple of years...
If you are using passwords as the key, then it is unlikely that using
1024 vs. 128 bit means a bit of difference. Unless you are requiring
that users use a 250 character password. The entropy of 6-10 digit
passwords is such that they are the weak point no matter how many bits
you use > 64, even if they are "good" passwords. If you worried, you're
worried about the wrong thing. Throwing more bits at it ain't going to
help.
--Tim
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
