Security Basics mailing list archives

Re: 40-bit VS 128-bit Encryption


From: "Adam Newhard" <atnewhard () microstrain com>
Date: Fri, 20 Jun 2003 12:11:01 -0400

It all depends on how important you feel the username and password are;)
Every encryption "can" be cracked, it's just a matter of time.  I'd say use
128-bit not only b/c it's stronger, but in my experiences I'd rather spend a
little bit more money on hardware that'll do 128-bit w/o any notice of lag
or any real performance impact.  Also, think of it this way...incorporate
the ignorance of many people...what kind of facial expressions are you gonna
get from your bosses when you finish the project, present it to them, and
one of them thinking they really know what's going on asks how many bits of
encryption there are?  Then when you say 40 (even though it's something
really easy to change to 128...he won't understand that), think of what kind
of facial expressions he'll make.  In a lot of cases, you'll get some
frowns.  If you're producing this for someone who isn't very competent at
encryption, they'll be more pleased with buzz words than anything else.  In
other words, if you can get 128 w/o any real performance hit...use it...not
only for protection of you against people trying to break the encryption,
but also for protection of you against an angry boss.  If you ever get
complaints from a boss that says it's too slow for them, you always have the
"you told me to do it" card, but that's not always wise.
adam
----------------------------------------------------
Adam Newhard
Microstrain, Inc.
If vegetarians eat vegetables, watch out for humanitarians

----- Original Message ----- 
From: "Stephen Bock" <sbock () smchcn net>
To: <security-basics () securityfocus com>
Sent: Thursday, June 19, 2003 1:21 PM
Subject: 40-bit VS 128-bit Encryption


I am setting up a secure website and I was wondering which would be better
to use, 40-bit or 128-bit?  Obviously, 128-bit would be stronger and not
easily crackable, but it is also more expensive.  Does anybody know if 40 or
128-bit has been cracked yet?  I'm not going to be transmitting any credit
card info over the net, but I will be sending username, password, etc.  What
are your thoughts?

----------------------------------
Stephen Bock
Information Technology/Webmaster
Samaritan Ministries International

