Banks and 128 bit DES
paulfordh@uk.ibm.com
paulfordh at uk.ibm.com
Tue, 21 Mar 2000 11:40:12 +0000
David Hansen wrote ...
>Yes. This is the "response" to my message querying 128 bit DES.
>One would have thought that if a mere customer asked them about a
>specific technical issue they would at least have the intelligence to
>get an answer from the "security area".
>>From: AN Other@bankofscotland.co.uk
>>To: davidh@spidacom.co.uk
>>Date sent: Mon, 20 Mar 2000 08:58:37 +0000
>>Subject: Re: Internet HOBS Feedback Submission
>>
>[snip]
>>
>>The security of Internet HOBS is a dealt with by our security area
>>and IBM
>>who developed the solution, I can assure you that we take it very
>>seriously. The business facing area do not know all the details of
>>the
>>security in place for 'security' reasons, I apologise for my limited
>>knowledge.
As this mentioned IBM, I thought I'd try to use internal contacts to get to
the bottom of this for you.
Then I thought .. Why not go to the https site and look at the crypto used.
My browser reports 128 bit RC4, with a cert issued by Verisign - Server
Gated Crypto no doubt.
I _really_ hope we aren't all getting hot under the collar because someone
mixed up RC4 and DES in some marketing blurb ... are we ?
Cheers,
Paul
--
Paul Ford-Hutchinson : EMEA eCommerce application security :
paulfordh@uk.ibm.com
OSU-1, IBM , PO Box 31, Birmingham Rd, Warwick, CV34 5YR +44 (0)1926 462005