Educause Security Discussion mailing list archives

Re: iPad and access to university ERP


From: "SCHALIP, MICHAEL" <mschalip () CNM EDU>
Date: Thu, 22 Jul 2010 08:08:31 -0600

My point is that this kind of connection isn't persistent.  Realistically - someone would have to be sniffing the traffic - discover the session - attempt to "brute force" it - and hope to get something meaningful from the session.

Yeah - sometimes "good enough" is just that.....(just my take....)

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks
Sent: Wednesday, July 21, 2010 9:46 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] iPad and access to university ERP

On Wed, 21 Jul 2010 16:45:27 MDT, "SCHALIP, MICHAEL" said:

> But.....given that the session *is* encrypted - and not persistent - wouldn't
> *any* kind of encryption be serviceable for something like this?

*any* kind? Given today's CPU speeds, 40 bit encryption is essentially rot-13. Brute-force test all 1,099,511,627,776 keys in a few minutes.  If you have a botnet of more than a few hundred machines, it will take more compute power to distribute the job than it will to break the keys.  Still think "*any*" is good enough? :)


