Timeline for How safe is the 256-bit encryption used in bank transactions?
Current License: CC BY-SA 3.0
7 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 11, 2012 at 13:57 | comment | added | Bruno | @woozle, indeed, but you have to restrict the scope of the question too. If we don't assume the OP has checked whether SSL was enabled, with the correct host and a trusted cert (which is what SSLStrip targets), there's no point asking about the security offered by the key size. The list of other threats could be very long otherwise. | |
| Apr 11, 2012 at 13:50 | comment | added | woozle | @Bruno, I don't believe that in security it is safe to assume anything is secure. | |
| Apr 11, 2012 at 4:27 | comment | added | Ashwin | @woozle : But, why is there a need to use a symetric key. When the data itself can be ncrypted suing the server's public key. In case of user authentication, only the username and password are are needed which is not very long and can be emcrypted directly using a 2048 bit rsa key(with 2048 bit key you can directly encrypt data upto 256 bytes.) | |
| Apr 10, 2012 at 18:30 | comment | added | dr jimbob | +1 for interesting read. Particularly, about the old browsers not checking who's allowed to sign intermediate certificates, users trusting the lock favicon, and unicode chars in the URL like: ⁄ that are similar to / as part of a wildcard signed domain. | |
| Apr 10, 2012 at 14:32 | comment | added | Bruno | The question is quite specifically about the relationship between strength and key size, although the OP hadn't realised it was about the symmetric keys. It's fair to assume that HTTPS is used correctly here, with the right website. What you're talking about is a completely different problem. | |
| Apr 10, 2012 at 14:21 | comment | added | ewanm89 | And that's before we get to the problem that we can't trust CAs | |
| Apr 10, 2012 at 14:08 | history | answered | woozle | CC BY-SA 3.0 |