Pref

[Johan Wevers]

Kiefer, Sascha wrote:

>But i think, it's not the boss of the bank that will change those
>Settings but the security administrator. They have some decent
>knowledge.

Are they cryptographers?

>And there will be a handbook where everything will
>Explained in detail,

Who writes that book? Some well-known crypto researcher whose judgement
is based on knowledge, or some overpaid consultant who obtained his
knowledge from a FAQ on internet of which he probably only (hopefully
at least) understands the conclusion?

>and the default settings are as strong as Possible

How can you judge that? I really don't know if Twofish is stronger than AES,
or IDEA, or 3DES. As far as I know, all 2 are currently unbreakable.
Besides, for a bank, outruling 3DES as in your example because it would be
to weak is ridiculous. Even if it would be possible to crack, the costs to
do so would be either very low (cipher is really broken), or much higher
than the possible profit gained in a fraudulous transaction, so noone would
do it.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html