My read is that HTTPS is handled via trivial (took me 15
to 30 minutes to hack and successfuly "script" the OpenSRS
RWI and code runs on Win 98+) Windows OS calls and HTTPS
is also handled in a similarly transparent manor on other
platforms as well. So, while the client is still burdened,
long lived defacto standards make HTTPS a snap to
implement on most (all?) platforms.
For non trivial keys and proper implementation Blowfish is
more secure than HTTPS (512 bit bruteforce is still
thought to be the only way to "break" Blowfish) however so
long as knowledge of my Username and Password allways
anyone access to the RWI environment from any PC in the
world then I suggest the added security of Blowfish is an
illusion, as well as the rest of the OpenSRS API security
layer. And DES is considered a fairly trivial hack
(reached the end of it's useful life -- Which is exactly
why Blowfish was created in the first place) these days
and so actually offers zero security.
On Mon, 24 Nov 2003 11:30:08 -0800 (PST)
Tim Woodcock <twoodcock@baremetal.com> wrote:
>> If communications are encrypted using SSL, that
>>eliminates the need to
>> do any encryption in the client code.
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:37:50 EDT